Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-5828
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
EPSS score ?
Summary
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:09:23.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/956597" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" }, { "name": "openSUSE-SU-2019:1666", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html" }, { "name": "FEDORA-2019-8fb8240d14", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/" }, { "name": "FEDORA-2019-a1af621faf", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/" }, { "name": "DSA-4500", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4500" }, { "name": "20190813 [SECURITY] [DSA 4500-1] chromium security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/19" }, { "name": "GLSA-201908-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "75.0.3770.80", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-15T17:06:11", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/956597" }, { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" }, { "name": "openSUSE-SU-2019:1666", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html" }, { "name": "FEDORA-2019-8fb8240d14", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/" }, { "name": "FEDORA-2019-a1af621faf", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/" }, { "name": "DSA-4500", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4500" }, { "name": "20190813 [SECURITY] [DSA 4500-1] chromium security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/19" }, { "name": "GLSA-201908-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2019-5828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "75.0.3770.80" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/956597", "refsource": "MISC", "url": "https://crbug.com/956597" }, { "name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" }, { "name": "openSUSE-SU-2019:1666", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html" }, { "name": "FEDORA-2019-8fb8240d14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/" }, { "name": "FEDORA-2019-a1af621faf", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/" }, { "name": "DSA-4500", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4500" }, { "name": "20190813 [SECURITY] [DSA 4500-1] chromium security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/19" }, { "name": "GLSA-201908-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-18" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-5828", "datePublished": "2019-06-27T16:13:44", "dateReserved": "2019-01-09T00:00:00", "dateUpdated": "2024-08-04T20:09:23.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-5828\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-06-27T17:15:14.990\",\"lastModified\":\"2024-11-21T04:45:35.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"El problema del ciclo de vida del objeto en ServiceWorker en Google Chrome antes de 75.0.3770.80 permiti\u00f3 que un atacante remoto pudiera realizar un acceso a la memoria fuera de l\u00edmites a trav\u00e9s de una p\u00e1gina HTML dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"75.0.3770.80\",\"matchCriteriaId\":\"1629DCDC-F45C-4F3E-A8EF-43E40E2FD504\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"398716BC-E609-4338-BAB9-7CB2A78599BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/956597\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/19\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201908-18\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4500\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/956597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201908-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
ghsa-9gx2-96v5-4pmr
Vulnerability from github
Published
2022-05-24 16:48
Modified
2022-07-30 00:00
Severity ?
Details
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2019-5828" ], "database_specific": { "cwe_ids": [ "CWE-416" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-06-27T17:15:00Z", "severity": "HIGH" }, "details": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "id": "GHSA-9gx2-96v5-4pmr", "modified": "2022-07-30T00:00:24Z", "published": "2022-05-24T16:48:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5828" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://crbug.com/956597" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2019/Aug/19" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201908-18" }, { "type": "WEB", "url": "https://www.debian.org/security/2019/dsa-4500" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
rhsa-2019_1477
Vulnerability from csaf_redhat
Published
2019-06-17 07:38
Modified
2024-11-15 08:25
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 75.0.3770.80.
Security Fix(es):
* chromium-browser: Use after free in ServiceWorker (CVE-2019-5828)
* chromium-browser: Use after free in Download Manager (CVE-2019-5829)
* chromium-browser: Incorrectly credentialed requests in CORS (CVE-2019-5830)
* chromium-browser: Incorrect map processing in V8 (CVE-2019-5831)
* chromium-browser: Incorrect CORS handling in XHR (CVE-2019-5832)
* chromium-browser: Inconsistent security UI placement (CVE-2019-5833)
* chromium-browser: Out of bounds read in Swiftshader (CVE-2019-5835)
* chromium-browser: Heap buffer overflow in Angle (CVE-2019-5836)
* chromium-browser: Cross-origin resources size disclosure in Appcache (CVE-2019-5837)
* chromium-browser: Overly permissive tab access in Extensions (CVE-2019-5838)
* chromium-browser: Incorrect handling of certain code points in Blink (CVE-2019-5839)
* chromium-browser: Popup blocker bypass (CVE-2019-5840)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 75.0.3770.80.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ServiceWorker (CVE-2019-5828)\n\n* chromium-browser: Use after free in Download Manager (CVE-2019-5829)\n\n* chromium-browser: Incorrectly credentialed requests in CORS (CVE-2019-5830)\n\n* chromium-browser: Incorrect map processing in V8 (CVE-2019-5831)\n\n* chromium-browser: Incorrect CORS handling in XHR (CVE-2019-5832)\n\n* chromium-browser: Inconsistent security UI placement (CVE-2019-5833)\n\n* chromium-browser: Out of bounds read in Swiftshader (CVE-2019-5835)\n\n* chromium-browser: Heap buffer overflow in Angle (CVE-2019-5836)\n\n* chromium-browser: Cross-origin resources size disclosure in Appcache (CVE-2019-5837)\n\n* chromium-browser: Overly permissive tab access in Extensions (CVE-2019-5838)\n\n* chromium-browser: Incorrect handling of certain code points in Blink (CVE-2019-5839)\n\n* chromium-browser: Popup blocker bypass (CVE-2019-5840)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:1477", "url": "https://access.redhat.com/errata/RHSA-2019:1477" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1718256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718256" }, { "category": "external", "summary": "1718257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718257" }, { "category": "external", "summary": "1718258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718258" }, { "category": "external", "summary": "1718259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718259" }, { "category": "external", "summary": "1718260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718260" }, { "category": "external", "summary": "1718261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718261" }, { "category": "external", "summary": "1718263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718263" }, { "category": "external", "summary": "1718264", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718264" }, { "category": "external", "summary": "1718266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718266" }, { "category": "external", "summary": "1718267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718267" }, { "category": "external", "summary": "1718268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718268" }, { "category": "external", "summary": "1718269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718269" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1477.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-15T08:25:34+00:00", "generator": { "date": "2024-11-15T08:25:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:1477", "initial_release_date": "2019-06-17T07:38:39+00:00", "revision_history": [ { "date": "2019-06-17T07:38:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-06-17T07:38:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T08:25:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "product_id": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@75.0.3770.80-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@75.0.3770.80-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "product": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "product_id": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@75.0.3770.80-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@75.0.3770.80-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-5828", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718256" } ], "notes": [ { "category": "description", "text": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in ServiceWorker", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5828" }, { "category": "external", "summary": "RHBZ#1718256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718256" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5828", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5828" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5828", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5828" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in ServiceWorker" }, { "cve": "CVE-2019-5829", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718257" } ], "notes": [ { "category": "description", "text": "Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in Download Manager", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5829" }, { "category": "external", "summary": "RHBZ#1718257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5829", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5829" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5829", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5829" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in Download Manager" }, { "cve": "CVE-2019-5830", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718258" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrectly credentialed requests in CORS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5830" }, { "category": "external", "summary": "RHBZ#1718258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718258" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5830", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5830" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5830", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5830" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrectly credentialed requests in CORS" }, { "cve": "CVE-2019-5831", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718259" } ], "notes": [ { "category": "description", "text": "Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect map processing in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5831" }, { "category": "external", "summary": "RHBZ#1718259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718259" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5831", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5831" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5831", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5831" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect map processing in V8" }, { "cve": "CVE-2019-5832", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718260" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect CORS handling in XHR", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5832" }, { "category": "external", "summary": "RHBZ#1718260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718260" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5832", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5832" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5832", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5832" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect CORS handling in XHR" }, { "cve": "CVE-2019-5833", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718261" } ], "notes": [ { "category": "description", "text": "Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inconsistent security UI placement", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5833" }, { "category": "external", "summary": "RHBZ#1718261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718261" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5833", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5833" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5833", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5833" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Inconsistent security UI placement" }, { "cve": "CVE-2019-5835", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718263" } ], "notes": [ { "category": "description", "text": "Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds read in Swiftshader", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5835" }, { "category": "external", "summary": "RHBZ#1718263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5835", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5835" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5835" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Out of bounds read in Swiftshader" }, { "cve": "CVE-2019-5836", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718264" } ], "notes": [ { "category": "description", "text": "Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap buffer overflow in Angle", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5836" }, { "category": "external", "summary": "RHBZ#1718264", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718264" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5836", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5836" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5836", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5836" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Heap buffer overflow in Angle" }, { "cve": "CVE-2019-5837", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718266" } ], "notes": [ { "category": "description", "text": "Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Cross-origin resources size disclosure in Appcache", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5837" }, { "category": "external", "summary": "RHBZ#1718266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718266" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5837", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5837" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Cross-origin resources size disclosure in Appcache" }, { "cve": "CVE-2019-5838", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718267" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Overly permissive tab access in Extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5838" }, { "category": "external", "summary": "RHBZ#1718267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718267" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5838", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5838" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Overly permissive tab access in Extensions" }, { "cve": "CVE-2019-5839", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718268" } ], "notes": [ { "category": "description", "text": "Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect handling of certain code points in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5839" }, { "category": "external", "summary": "RHBZ#1718268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5839", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5839" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect handling of certain code points in Blink" }, { "cve": "CVE-2019-5840", "discovery_date": "2019-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1718269" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Popup blocker bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5840" }, { "category": "external", "summary": "RHBZ#1718269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718269" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5840", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5840" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" } ], "release_date": "2019-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-06-17T07:38:39+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1477" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:75.0.3770.80-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Popup blocker bypass" } ] }
gsd-2019-5828
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-5828", "description": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "id": "GSD-2019-5828", "references": [ "https://www.suse.com/security/cve/CVE-2019-5828.html", "https://www.debian.org/security/2019/dsa-4500", "https://access.redhat.com/errata/RHSA-2019:1477", "https://advisories.mageia.org/CVE-2019-5828.html", "https://security.archlinux.org/CVE-2019-5828" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-5828" ], "details": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "id": "GSD-2019-5828", "modified": "2023-12-13T01:23:55.773749Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2019-5828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "75.0.3770.80" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/956597", "refsource": "MISC", "url": "https://crbug.com/956597" }, { "name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" }, { "name": "openSUSE-SU-2019:1666", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html" }, { "name": "FEDORA-2019-8fb8240d14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/" }, { "name": "FEDORA-2019-a1af621faf", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/" }, { "name": "DSA-4500", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4500" }, { "name": "20190813 [SECURITY] [DSA 4500-1] chromium security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/19" }, { "name": "GLSA-201908-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-18" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "75.0.3770.80", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2019-5828" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/956597", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/956597" }, { "name": "openSUSE-SU-2019:1666", "refsource": "SUSE", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html" }, { "name": "FEDORA-2019-8fb8240d14", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/" }, { "name": "FEDORA-2019-a1af621faf", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/" }, { "name": "DSA-4500", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4500" }, { "name": "20190813 [SECURITY] [DSA 4500-1] chromium security update", "refsource": "BUGTRAQ", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/19" }, { "name": "GLSA-201908-18", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201908-18" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-07-29T17:23Z", "publishedDate": "2019-06-27T17:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.