Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-13691 (GCVE-0-2019-13691)
Vulnerability from cvelistv5 – Published: 2019-11-25 14:22 – Updated: 2024-08-04 23:57
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Insufficient validation of untrusted input
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/966914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "77.0.3865.75",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient validation of untrusted input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T14:22:54.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/966914"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77.0.3865.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient validation of untrusted input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/966914",
"refsource": "MISC",
"url": "https://crbug.com/966914"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-13691",
"datePublished": "2019-11-25T14:22:54.000Z",
"dateReserved": "2019-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"77.0.3865.75\", \"matchCriteriaId\": \"35E0B140-F006-4C6D-86AB-D822C9827E15\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"La comprobaci\\u00f3n insuficiente de una entrada no confiable en navigation en Google Chrome versiones anteriores a 77.0.3865.75, permiti\\u00f3 a un atacante remoto falsificar el contenido del Omnibox (barra de URL) por medio de una p\\u00e1gina HTML dise\\u00f1ada.\"}]",
"id": "CVE-2019-13691",
"lastModified": "2024-11-21T04:25:31.097",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-11-25T15:15:32.010",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/966914\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/966914\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13691\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-11-25T15:15:32.010\",\"lastModified\":\"2024-11-21T04:25:31.097\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"La comprobaci\u00f3n insuficiente de una entrada no confiable en navigation en Google Chrome versiones anteriores a 77.0.3865.75, permiti\u00f3 a un atacante remoto falsificar el contenido del Omnibox (barra de URL) por medio de una p\u00e1gina HTML dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"77.0.3865.75\",\"matchCriteriaId\":\"35E0B140-F006-4C6D-86AB-D822C9827E15\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/966914\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/966914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2019-42758
Vulnerability from cnvd - Published: 2019-11-29
VLAI Severity ?
Title
Google Chrome Omnibox内容欺骗漏洞
Description
Chrome是由Google开发的一款Web浏览工具。
Google Chrome 77.0.3865.75之前版本存在安全漏洞。该漏洞源于Chrome中的导航对不可信输入的验证不足。远程攻击者可通过特制HTML页面利用该漏洞欺骗Omnibox(网址栏)的内容。
Severity
中
Patch Name
Google Chrome Omnibox内容欺骗漏洞的补丁
Patch Description
Chrome是由Google开发的一款Web浏览工具。
Google Chrome 77.0.3865.75之前版本存在安全漏洞。该漏洞源于Chrome中的导航对不可信输入的验证不足。远程攻击者可通过特制HTML页面利用该漏洞欺骗Omnibox(网址栏)的内容。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-13691
Impacted products
| Name | Google Chrome <77.0.3865.75 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-13691",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691"
}
},
"description": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5de5\u5177\u3002\n\nGoogle Chrome 77.0.3865.75\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eChrome\u4e2d\u7684\u5bfc\u822a\u5bf9\u4e0d\u53ef\u4fe1\u8f93\u5165\u7684\u9a8c\u8bc1\u4e0d\u8db3\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u6b3a\u9a97Omnibox\uff08\u7f51\u5740\u680f\uff09\u7684\u5185\u5bb9\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-42758",
"openTime": "2019-11-29",
"patchDescription": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nGoogle Chrome 77.0.3865.75\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eChrome\u4e2d\u7684\u5bfc\u822a\u5bf9\u4e0d\u53ef\u4fe1\u8f93\u5165\u7684\u9a8c\u8bc1\u4e0d\u8db3\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u6b3a\u9a97Omnibox\uff08\u7f51\u5740\u680f\uff09\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome Omnibox\u5185\u5bb9\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c77.0.3865.75"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691",
"serverity": "\u4e2d",
"submitTime": "2019-11-27",
"title": "Google Chrome Omnibox\u5185\u5bb9\u6b3a\u9a97\u6f0f\u6d1e"
}
GHSA-3C68-5WGM-9F52
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01
VLAI?
Details
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2019-13691"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-25T15:15:00Z",
"severity": "MODERATE"
},
"details": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"id": "GHSA-3c68-5wgm-9f52",
"modified": "2022-05-24T17:01:55Z",
"published": "2022-05-24T17:01:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/966914"
}
],
"schema_version": "1.4.0",
"severity": []
}
RHSA-2019_3211
Vulnerability from csaf_redhat - Published: 2019-10-29 09:30 - Updated: 2024-11-15 08:27Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Critical
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
* chromium-browser: Use-after-free in media (CVE-2019-5870)
* chromium-browser: Heap overflow in Skia (CVE-2019-5871)
* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)
* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
* chromium-browser: Use-after-free in media (CVE-2019-5876)
* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
* chromium-browser: Use-after-free in V8 (CVE-2019-5878)
* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
* chromium-browser: Use-after-free in media (CVE-2019-13688)
* chromium-browser: Omnibox spoof (CVE-2019-13691)
* chromium-browser: SOP bypass (CVE-2019-13692)
* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
* chromium-browser: Use-after-free in audio (CVE-2019-13695)
* chromium-browser: Use-after-free in V8 (CVE-2019-13696)
* chromium-browser: Cross-origin size leak (CVE-2019-13697)
* chromium-browser: Extensions can read some local files (CVE-2019-5879)
* chromium-browser: SameSite cookie bypass (CVE-2019-5880)
* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
* chromium-browser: URL spoof (CVE-2019-13659)
* chromium-browser: Full screen notification overlap (CVE-2019-13660)
* chromium-browser: Full screen notification spoof (CVE-2019-13661)
* chromium-browser: CSP bypass (CVE-2019-13662)
* chromium-browser: IDN spoof (CVE-2019-13663)
* chromium-browser: CSRF bypass (CVE-2019-13664)
* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)
* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)
* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)
* chromium-browser: Global window leak via console (CVE-2019-13668)
* chromium-browser: HTTP authentication spoof (CVE-2019-13669)
* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)
* chromium-browser: IDN spoofing (CVE-2019-13674)
* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)
* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)
* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)
* chromium-browser: Download dialog spoofing (CVE-2019-13678)
* chromium-browser: User gesture needed for printing (CVE-2019-13679)
* chromium-browser: IP address spoofing to servers (CVE-2019-13680)
* chromium-browser: Bypass on download restrictions (CVE-2019-13681)
* chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
9.6 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.6 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es):\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files (CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3211",
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3211.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-15T08:27:27+00:00",
"generator": {
"date": "2024-11-15T08:27:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3211",
"initial_release_date": "2019-10-29T09:30:00+00:00",
"revision_history": [
{
"date": "2019-10-29T09:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-10-29T09:30:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:27:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5870",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762366"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "RHBZ#1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5871",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762367"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Heap overflow in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "RHBZ#1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Heap overflow in Skia"
},
{
"cve": "CVE-2019-5872",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762368"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in Mojo",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "RHBZ#1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5872"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in Mojo"
},
{
"cve": "CVE-2019-5874",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762370"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: External URIs may trigger other browsers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "RHBZ#1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: External URIs may trigger other browsers"
},
{
"cve": "CVE-2019-5875",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762371"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL bar spoof via download redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "RHBZ#1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: URL bar spoof via download redirect"
},
{
"cve": "CVE-2019-5876",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762374"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "RHBZ#1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5877",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762375"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds access in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "RHBZ#1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds access in V8"
},
{
"cve": "CVE-2019-5878",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762376"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "RHBZ#1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-5879",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762377"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can read some local files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "RHBZ#1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Extensions can read some local files"
},
{
"cve": "CVE-2019-5880",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762378"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SameSite cookie bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "RHBZ#1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SameSite cookie bypass"
},
{
"cve": "CVE-2019-5881",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762379"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Arbitrary read in SwiftShader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "RHBZ#1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Arbitrary read in SwiftShader"
},
{
"cve": "CVE-2019-13659",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762380"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "RHBZ#1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13659",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13659"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URL spoof"
},
{
"cve": "CVE-2019-13660",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762381"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification overlap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "RHBZ#1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification overlap"
},
{
"cve": "CVE-2019-13661",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762382"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "RHBZ#1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13661",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13661"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification spoof"
},
{
"cve": "CVE-2019-13662",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762383"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "RHBZ#1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13662",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSP bypass"
},
{
"cve": "CVE-2019-13663",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762384"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "RHBZ#1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13663",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: IDN spoof"
},
{
"cve": "CVE-2019-13664",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762385"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSRF bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "RHBZ#1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSRF bypass"
},
{
"cve": "CVE-2019-13665",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762386"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple file download protection bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "RHBZ#1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple file download protection bypass"
},
{
"cve": "CVE-2019-13666",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762387"
}
],
"notes": [
{
"category": "description",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Side channel using storage size estimate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "RHBZ#1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13666"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Side channel using storage size estimate"
},
{
"cve": "CVE-2019-13667",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762388"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URI bar spoof when using external app URIs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "RHBZ#1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URI bar spoof when using external app URIs"
},
{
"cve": "CVE-2019-13668",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762389"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Global window leak via console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "RHBZ#1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13668",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Global window leak via console"
},
{
"cve": "CVE-2019-13669",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762390"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HTTP authentication spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "RHBZ#1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13669"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HTTP authentication spoof"
},
{
"cve": "CVE-2019-13670",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762391"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: V8 memory corruption in regex",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "RHBZ#1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13670",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13670"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: V8 memory corruption in regex"
},
{
"cve": "CVE-2019-13671",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762392"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Dialog box fails to show origin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "RHBZ#1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13671"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Dialog box fails to show origin"
},
{
"cve": "CVE-2019-13673",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762393"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin information leak using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "RHBZ#1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13673",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin information leak using devtools"
},
{
"cve": "CVE-2019-13674",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762394"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "RHBZ#1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IDN spoofing"
},
{
"cve": "CVE-2019-13675",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762395"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can be disabled by trailing slash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "RHBZ#1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Extensions can be disabled by trailing slash"
},
{
"cve": "CVE-2019-13676",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762396"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Google URI shown for certificate warning",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "RHBZ#1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Google URI shown for certificate warning"
},
{
"cve": "CVE-2019-13677",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762397"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Chrome web store origin needs to be isolated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "RHBZ#1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Chrome web store origin needs to be isolated"
},
{
"cve": "CVE-2019-13678",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762398"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Download dialog spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "RHBZ#1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Download dialog spoofing"
},
{
"cve": "CVE-2019-13679",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762399"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: User gesture needed for printing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "RHBZ#1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: User gesture needed for printing"
},
{
"cve": "CVE-2019-13680",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762400"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IP address spoofing to servers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "RHBZ#1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IP address spoofing to servers"
},
{
"cve": "CVE-2019-13681",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762401"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Bypass on download restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "RHBZ#1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Bypass on download restrictions"
},
{
"cve": "CVE-2019-13682",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762402"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Site isolation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "RHBZ#1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13682",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Site isolation bypass"
},
{
"cve": "CVE-2019-13683",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762403"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Exceptions leaked by devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "RHBZ#1762403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Exceptions leaked by devtools"
},
{
"cve": "CVE-2019-13685",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762473"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13685"
},
{
"category": "external",
"summary": "RHBZ#1762473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in UI"
},
{
"cve": "CVE-2019-13686",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762476"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in offline pages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13686"
},
{
"category": "external",
"summary": "RHBZ#1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in offline pages"
},
{
"cve": "CVE-2019-13687",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762475"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13687"
},
{
"category": "external",
"summary": "RHBZ#1762475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13688",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762474"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13688"
},
{
"category": "external",
"summary": "RHBZ#1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13688"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13691",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762372"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Omnibox spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13691"
},
{
"category": "external",
"summary": "RHBZ#1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Omnibox spoof"
},
{
"cve": "CVE-2019-13692",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762373"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SOP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13692"
},
{
"category": "external",
"summary": "RHBZ#1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: SOP bypass"
},
{
"cve": "CVE-2019-13693",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762518"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IndexedDB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13693"
},
{
"category": "external",
"summary": "RHBZ#1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IndexedDB"
},
{
"cve": "CVE-2019-13694",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762519"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in WebRTC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13694"
},
{
"category": "external",
"summary": "RHBZ#1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13694"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in WebRTC"
},
{
"cve": "CVE-2019-13695",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762520"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in audio",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13695"
},
{
"category": "external",
"summary": "RHBZ#1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in audio"
},
{
"cve": "CVE-2019-13696",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762521"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13696"
},
{
"category": "external",
"summary": "RHBZ#1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-13697",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762522"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin size leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13697"
},
{
"category": "external",
"summary": "RHBZ#1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13697",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin size leak"
}
]
}
RHSA-2019:3211
Vulnerability from csaf_redhat - Published: 2019-10-29 09:30 - Updated: 2025-11-21 18:10Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Critical
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
* chromium-browser: Use-after-free in media (CVE-2019-5870)
* chromium-browser: Heap overflow in Skia (CVE-2019-5871)
* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)
* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
* chromium-browser: Use-after-free in media (CVE-2019-5876)
* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
* chromium-browser: Use-after-free in V8 (CVE-2019-5878)
* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
* chromium-browser: Use-after-free in media (CVE-2019-13688)
* chromium-browser: Omnibox spoof (CVE-2019-13691)
* chromium-browser: SOP bypass (CVE-2019-13692)
* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
* chromium-browser: Use-after-free in audio (CVE-2019-13695)
* chromium-browser: Use-after-free in V8 (CVE-2019-13696)
* chromium-browser: Cross-origin size leak (CVE-2019-13697)
* chromium-browser: Extensions can read some local files (CVE-2019-5879)
* chromium-browser: SameSite cookie bypass (CVE-2019-5880)
* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
* chromium-browser: URL spoof (CVE-2019-13659)
* chromium-browser: Full screen notification overlap (CVE-2019-13660)
* chromium-browser: Full screen notification spoof (CVE-2019-13661)
* chromium-browser: CSP bypass (CVE-2019-13662)
* chromium-browser: IDN spoof (CVE-2019-13663)
* chromium-browser: CSRF bypass (CVE-2019-13664)
* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)
* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)
* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)
* chromium-browser: Global window leak via console (CVE-2019-13668)
* chromium-browser: HTTP authentication spoof (CVE-2019-13669)
* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)
* chromium-browser: IDN spoofing (CVE-2019-13674)
* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)
* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)
* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)
* chromium-browser: Download dialog spoofing (CVE-2019-13678)
* chromium-browser: User gesture needed for printing (CVE-2019-13679)
* chromium-browser: IP address spoofing to servers (CVE-2019-13680)
* chromium-browser: Bypass on download restrictions (CVE-2019-13681)
* chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
9.6 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.6 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es):\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files (CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3211",
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3211.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2025-11-21T18:10:39+00:00",
"generator": {
"date": "2025-11-21T18:10:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:3211",
"initial_release_date": "2019-10-29T09:30:00+00:00",
"revision_history": [
{
"date": "2019-10-29T09:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-10-29T09:30:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:10:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5870",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762366"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "RHBZ#1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5871",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762367"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Heap overflow in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "RHBZ#1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Heap overflow in Skia"
},
{
"cve": "CVE-2019-5872",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762368"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in Mojo",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "RHBZ#1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5872"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in Mojo"
},
{
"cve": "CVE-2019-5874",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762370"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: External URIs may trigger other browsers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "RHBZ#1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: External URIs may trigger other browsers"
},
{
"cve": "CVE-2019-5875",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762371"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL bar spoof via download redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "RHBZ#1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: URL bar spoof via download redirect"
},
{
"cve": "CVE-2019-5876",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762374"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "RHBZ#1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5877",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762375"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds access in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "RHBZ#1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds access in V8"
},
{
"cve": "CVE-2019-5878",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762376"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "RHBZ#1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-5879",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762377"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can read some local files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "RHBZ#1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Extensions can read some local files"
},
{
"cve": "CVE-2019-5880",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762378"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SameSite cookie bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "RHBZ#1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SameSite cookie bypass"
},
{
"cve": "CVE-2019-5881",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762379"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Arbitrary read in SwiftShader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "RHBZ#1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Arbitrary read in SwiftShader"
},
{
"cve": "CVE-2019-13659",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762380"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "RHBZ#1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13659",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13659"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URL spoof"
},
{
"cve": "CVE-2019-13660",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762381"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification overlap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "RHBZ#1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification overlap"
},
{
"cve": "CVE-2019-13661",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762382"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "RHBZ#1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13661",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13661"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification spoof"
},
{
"cve": "CVE-2019-13662",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762383"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "RHBZ#1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13662",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSP bypass"
},
{
"cve": "CVE-2019-13663",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762384"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "RHBZ#1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13663",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: IDN spoof"
},
{
"cve": "CVE-2019-13664",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762385"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSRF bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "RHBZ#1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSRF bypass"
},
{
"cve": "CVE-2019-13665",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762386"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple file download protection bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "RHBZ#1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple file download protection bypass"
},
{
"cve": "CVE-2019-13666",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762387"
}
],
"notes": [
{
"category": "description",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Side channel using storage size estimate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "RHBZ#1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13666"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Side channel using storage size estimate"
},
{
"cve": "CVE-2019-13667",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762388"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URI bar spoof when using external app URIs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "RHBZ#1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URI bar spoof when using external app URIs"
},
{
"cve": "CVE-2019-13668",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762389"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Global window leak via console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "RHBZ#1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13668",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Global window leak via console"
},
{
"cve": "CVE-2019-13669",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762390"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HTTP authentication spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "RHBZ#1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13669"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HTTP authentication spoof"
},
{
"cve": "CVE-2019-13670",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762391"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: V8 memory corruption in regex",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "RHBZ#1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13670",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13670"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: V8 memory corruption in regex"
},
{
"cve": "CVE-2019-13671",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762392"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Dialog box fails to show origin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "RHBZ#1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13671"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Dialog box fails to show origin"
},
{
"cve": "CVE-2019-13673",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762393"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin information leak using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "RHBZ#1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13673",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin information leak using devtools"
},
{
"cve": "CVE-2019-13674",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762394"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "RHBZ#1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IDN spoofing"
},
{
"cve": "CVE-2019-13675",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762395"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can be disabled by trailing slash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "RHBZ#1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Extensions can be disabled by trailing slash"
},
{
"cve": "CVE-2019-13676",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762396"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Google URI shown for certificate warning",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "RHBZ#1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Google URI shown for certificate warning"
},
{
"cve": "CVE-2019-13677",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762397"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Chrome web store origin needs to be isolated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "RHBZ#1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Chrome web store origin needs to be isolated"
},
{
"cve": "CVE-2019-13678",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762398"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Download dialog spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "RHBZ#1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Download dialog spoofing"
},
{
"cve": "CVE-2019-13679",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762399"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: User gesture needed for printing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "RHBZ#1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: User gesture needed for printing"
},
{
"cve": "CVE-2019-13680",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762400"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IP address spoofing to servers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "RHBZ#1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IP address spoofing to servers"
},
{
"cve": "CVE-2019-13681",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762401"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Bypass on download restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "RHBZ#1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Bypass on download restrictions"
},
{
"cve": "CVE-2019-13682",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762402"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Site isolation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "RHBZ#1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13682",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Site isolation bypass"
},
{
"cve": "CVE-2019-13683",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762403"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Exceptions leaked by devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "RHBZ#1762403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Exceptions leaked by devtools"
},
{
"cve": "CVE-2019-13685",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762473"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13685"
},
{
"category": "external",
"summary": "RHBZ#1762473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in UI"
},
{
"cve": "CVE-2019-13686",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762476"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in offline pages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13686"
},
{
"category": "external",
"summary": "RHBZ#1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in offline pages"
},
{
"cve": "CVE-2019-13687",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762475"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13687"
},
{
"category": "external",
"summary": "RHBZ#1762475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13688",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762474"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13688"
},
{
"category": "external",
"summary": "RHBZ#1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13688"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13691",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762372"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Omnibox spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13691"
},
{
"category": "external",
"summary": "RHBZ#1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Omnibox spoof"
},
{
"cve": "CVE-2019-13692",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762373"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SOP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13692"
},
{
"category": "external",
"summary": "RHBZ#1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: SOP bypass"
},
{
"cve": "CVE-2019-13693",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762518"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IndexedDB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13693"
},
{
"category": "external",
"summary": "RHBZ#1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IndexedDB"
},
{
"cve": "CVE-2019-13694",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762519"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in WebRTC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13694"
},
{
"category": "external",
"summary": "RHBZ#1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13694"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in WebRTC"
},
{
"cve": "CVE-2019-13695",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762520"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in audio",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13695"
},
{
"category": "external",
"summary": "RHBZ#1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in audio"
},
{
"cve": "CVE-2019-13696",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762521"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13696"
},
{
"category": "external",
"summary": "RHBZ#1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-13697",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762522"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin size leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13697"
},
{
"category": "external",
"summary": "RHBZ#1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13697",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin size leak"
}
]
}
GSD-2019-13691
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-13691",
"description": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"id": "GSD-2019-13691",
"references": [
"https://www.suse.com/security/cve/CVE-2019-13691.html",
"https://www.debian.org/security/2019/dsa-4562",
"https://access.redhat.com/errata/RHSA-2019:3211"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13691"
],
"details": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"id": "GSD-2019-13691",
"modified": "2023-12-13T01:23:41.375848Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77.0.3865.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient validation of untrusted input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/966914",
"refsource": "MISC",
"url": "https://crbug.com/966914"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "77.0.3865.75",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13691"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/966914",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/966914"
},
{
"name": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-11-25T15:15Z"
}
}
}
FKIE_CVE-2019-13691
Vulnerability from fkie_nvd - Published: 2019-11-25 15:15 - Updated: 2024-11-21 04:25
Severity ?
Summary
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | ||
|---|---|---|---|
| chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html | ||
| chrome-cve-admin@google.com | https://crbug.com/966914 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/966914 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E0B140-F006-4C6D-86AB-D822C9827E15",
"versionEndExcluding": "77.0.3865.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
},
{
"lang": "es",
"value": "La comprobaci\u00f3n insuficiente de una entrada no confiable en navigation en Google Chrome versiones anteriores a 77.0.3865.75, permiti\u00f3 a un atacante remoto falsificar el contenido del Omnibox (barra de URL) por medio de una p\u00e1gina HTML dise\u00f1ada."
}
],
"id": "CVE-2019-13691",
"lastModified": "2024-11-21T04:25:31.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-25T15:15:32.010",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/966914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/966914"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
BDU:2020-01672
Vulnerability from fstec - Published: 22.10.2019
VLAI Severity ?
Title
Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю нарушить целостность данных
Description
Уязвимость браузера Google Chrome связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, нарушить целостность данных при помощи специально созданной HTML-страницы
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Red Hat Inc., Google Inc, АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Google Chrome, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), Desktop 6.0 (Red Hat Enterprise Linux), Server 6.0 (Red Hat Enterprise Linux), Workstation 6.0 (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 77.0.3865.75 (Google Chrome), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для chromium:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html
Для Debian:
https://security-tracker.debian.org/tracker/CVE-2019-13691
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/errata/RHSA-2019:3211
Для ОС ОН «Стрелец»:
Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets
Для ОС Astra Linux 1.6 «Смоленск»:
обновить пакет chromium до 80.0.3987.87-1astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16
Reference
https://access.redhat.com/errata/RHSA-2019:3211
https://nvd.nist.gov/vuln/detail/CVE-2019-13691
https://security-tracker.debian.org/tracker/CVE-2019-13691
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Google Inc, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), Desktop 6.0 (Red Hat Enterprise Linux), Server 6.0 (Red Hat Enterprise Linux), Workstation 6.0 (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 77.0.3865.75 (Google Chrome), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f chromium:\nhttps://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2019-13691\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:3211\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 80.0.3987.87-1astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.10.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01672",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-13691",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Google Chrome, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux Desktop 6.0 , Red Hat Inc. Red Hat Enterprise Linux Server 6.0 , Red Hat Inc. Red Hat Enterprise Linux Workstation 6.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/errata/RHSA-2019:3211\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13691\nhttps://security-tracker.debian.org/tracker/CVE-2019-13691\nhttps://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…