Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-6386 (GCVE-0-2020-6386)
Vulnerability from cvelistv5
- Use after free
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:02:40.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/1043603" }, { "name": "RHSA-2020:0738", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "name": "DSA-4638", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "FEDORA-2020-f6271d7afa", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "80.0.3987.116", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Use after free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-27T12:06:42", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/1043603" }, { "name": "RHSA-2020:0738", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "name": "DSA-4638", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "FEDORA-2020-f6271d7afa", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-6386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "80.0.3987.116" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "name": "https://crbug.com/1043603", "refsource": "MISC", "url": "https://crbug.com/1043603" }, { "name": "RHSA-2020:0738", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "name": "DSA-4638", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "FEDORA-2020-f6271d7afa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2020-6386", "datePublished": "2020-02-27T22:55:24", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T09:02:40.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-6386\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2020-02-27T23:15:12.467\",\"lastModified\":\"2024-11-21T05:35:37.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Un uso de la memoria previamente liberada en speech en Google Chrome versiones anteriores a 80.0.3987.116, permiti\u00f3 a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"80.0.3987.116\",\"matchCriteriaId\":\"F130A48E-BC24-40BB-BAB9-AAD00410F45E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0738\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1043603\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4638\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0738\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1043603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
ghsa-67vf-6vph-7w9w
Vulnerability from github
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2020-6386" ], "database_specific": { "cwe_ids": [ "CWE-416" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-02-27T23:15:00Z", "severity": "MODERATE" }, "details": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GHSA-67vf-6vph-7w9w", "modified": "2022-05-24T17:09:55Z", "published": "2022-05-24T17:09:55Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "type": "WEB", "url": "https://crbug.com/1043603" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP" }, { "type": "WEB", "url": "https://www.debian.org/security/2020/dsa-4638" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
RHSA-2020:0738
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 80.0.3987.122.\n\nSecurity Fix(es):\n\n* ICU: Integer overflow in UnicodeString::doAppend() (BZ#1807349)\n\n* chromium-browser: Type confusion in V8 (CVE-2020-6383)\n\n* chromium-browser: Use after free in WebAudio (CVE-2020-6384)\n\n* chromium-browser: Use after free in speech (CVE-2020-6386)\n\n* chromium-browser: Out of bounds memory access in streams (CVE-2020-6407)\n\n* chromium-browser: Type confusion in V8 (CVE-2020-6418)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1807343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807343" }, { "category": "external", "summary": "1807349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807349" }, { "category": "external", "summary": "1807381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807381" }, { "category": "external", "summary": "1807498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807498" }, { "category": "external", "summary": "1807499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807499" }, { "category": "external", "summary": "1807500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807500" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0738.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2025-08-02T13:29:36+00:00", "generator": { "date": "2025-08-02T13:29:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2020:0738", "initial_release_date": "2020-03-09T08:24:20+00:00", "revision_history": [ { "date": "2020-03-09T08:24:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-03-09T08:24:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T13:29:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product_id": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.122-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.122-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product_id": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.122-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.122-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-6383", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807498" } ], "notes": [ { "category": "description", "text": "Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6383" }, { "category": "external", "summary": "RHBZ#1807498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6383" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type confusion in V8" }, { "cve": "CVE-2020-6384", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807499" } ], "notes": [ { "category": "description", "text": "Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebAudio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6384" }, { "category": "external", "summary": "RHBZ#1807499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6384", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6384" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6384", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6384" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebAudio" }, { "cve": "CVE-2020-6386", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807500" } ], "notes": [ { "category": "description", "text": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in speech", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6386" }, { "category": "external", "summary": "RHBZ#1807500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807500" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6386", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6386" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in speech" }, { "cve": "CVE-2020-6407", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807381" } ], "notes": [ { "category": "description", "text": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds memory access in streams", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6407" }, { "category": "external", "summary": "RHBZ#1807381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6407", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6407" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds memory access in streams" }, { "cve": "CVE-2020-6418", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2020-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807343" } ], "notes": [ { "category": "description", "text": "Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6418" }, { "category": "external", "summary": "RHBZ#1807343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6418", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6418" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2021-11-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type confusion in V8" }, { "cve": "CVE-2020-10531", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807349" } ], "notes": [ { "category": "description", "text": "An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Integer overflow in UnicodeString::doAppend()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10531" }, { "category": "external", "summary": "RHBZ#1807349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807349" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10531", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10531" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "ICU: Integer overflow in UnicodeString::doAppend()" } ] }
rhsa-2020_0738
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 80.0.3987.122.\n\nSecurity Fix(es):\n\n* ICU: Integer overflow in UnicodeString::doAppend() (BZ#1807349)\n\n* chromium-browser: Type confusion in V8 (CVE-2020-6383)\n\n* chromium-browser: Use after free in WebAudio (CVE-2020-6384)\n\n* chromium-browser: Use after free in speech (CVE-2020-6386)\n\n* chromium-browser: Out of bounds memory access in streams (CVE-2020-6407)\n\n* chromium-browser: Type confusion in V8 (CVE-2020-6418)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1807343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807343" }, { "category": "external", "summary": "1807349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807349" }, { "category": "external", "summary": "1807381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807381" }, { "category": "external", "summary": "1807498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807498" }, { "category": "external", "summary": "1807499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807499" }, { "category": "external", "summary": "1807500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807500" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0738.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-15T08:27:44+00:00", "generator": { "date": "2024-11-15T08:27:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:0738", "initial_release_date": "2020-03-09T08:24:20+00:00", "revision_history": [ { "date": "2020-03-09T08:24:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-03-09T08:24:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T08:27:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product_id": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.122-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.122-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product_id": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.122-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.122-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-6383", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807498" } ], "notes": [ { "category": "description", "text": "Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6383" }, { "category": "external", "summary": "RHBZ#1807498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6383" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type confusion in V8" }, { "cve": "CVE-2020-6384", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807499" } ], "notes": [ { "category": "description", "text": "Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebAudio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6384" }, { "category": "external", "summary": "RHBZ#1807499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6384", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6384" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6384", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6384" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebAudio" }, { "cve": "CVE-2020-6386", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807500" } ], "notes": [ { "category": "description", "text": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in speech", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6386" }, { "category": "external", "summary": "RHBZ#1807500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807500" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6386", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6386" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in speech" }, { "cve": "CVE-2020-6407", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807381" } ], "notes": [ { "category": "description", "text": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds memory access in streams", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6407" }, { "category": "external", "summary": "RHBZ#1807381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6407", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6407" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds memory access in streams" }, { "cve": "CVE-2020-6418", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2020-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807343" } ], "notes": [ { "category": "description", "text": "Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6418" }, { "category": "external", "summary": "RHBZ#1807343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6418", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6418" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2021-11-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type confusion in V8" }, { "cve": "CVE-2020-10531", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807349" } ], "notes": [ { "category": "description", "text": "An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Integer overflow in UnicodeString::doAppend()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10531" }, { "category": "external", "summary": "RHBZ#1807349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807349" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10531", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10531" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "ICU: Integer overflow in UnicodeString::doAppend()" } ] }
rhsa-2020:0738
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 80.0.3987.122.\n\nSecurity Fix(es):\n\n* ICU: Integer overflow in UnicodeString::doAppend() (BZ#1807349)\n\n* chromium-browser: Type confusion in V8 (CVE-2020-6383)\n\n* chromium-browser: Use after free in WebAudio (CVE-2020-6384)\n\n* chromium-browser: Use after free in speech (CVE-2020-6386)\n\n* chromium-browser: Out of bounds memory access in streams (CVE-2020-6407)\n\n* chromium-browser: Type confusion in V8 (CVE-2020-6418)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1807343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807343" }, { "category": "external", "summary": "1807349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807349" }, { "category": "external", "summary": "1807381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807381" }, { "category": "external", "summary": "1807498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807498" }, { "category": "external", "summary": "1807499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807499" }, { "category": "external", "summary": "1807500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807500" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0738.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2025-08-02T13:29:36+00:00", "generator": { "date": "2025-08-02T13:29:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.6" } }, "id": "RHSA-2020:0738", "initial_release_date": "2020-03-09T08:24:20+00:00", "revision_history": [ { "date": "2020-03-09T08:24:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-03-09T08:24:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-08-02T13:29:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product_id": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.122-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.122-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product_id": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.122-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.122-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-6383", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807498" } ], "notes": [ { "category": "description", "text": "Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6383" }, { "category": "external", "summary": "RHBZ#1807498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6383" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type confusion in V8" }, { "cve": "CVE-2020-6384", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807499" } ], "notes": [ { "category": "description", "text": "Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebAudio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6384" }, { "category": "external", "summary": "RHBZ#1807499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6384", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6384" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6384", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6384" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebAudio" }, { "cve": "CVE-2020-6386", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807500" } ], "notes": [ { "category": "description", "text": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in speech", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6386" }, { "category": "external", "summary": "RHBZ#1807500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807500" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6386", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6386" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6386" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" } ], "release_date": "2020-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in speech" }, { "cve": "CVE-2020-6407", "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807381" } ], "notes": [ { "category": "description", "text": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds memory access in streams", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6407" }, { "category": "external", "summary": "RHBZ#1807381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6407", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6407" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds memory access in streams" }, { "cve": "CVE-2020-6418", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2020-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807343" } ], "notes": [ { "category": "description", "text": "Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6418" }, { "category": "external", "summary": "RHBZ#1807343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6418", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6418" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2021-11-03T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type confusion in V8" }, { "cve": "CVE-2020-10531", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807349" } ], "notes": [ { "category": "description", "text": "An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Integer overflow in UnicodeString::doAppend()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10531" }, { "category": "external", "summary": "RHBZ#1807349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807349" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10531", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10531" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-09T08:24:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.122-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.122-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "ICU: Integer overflow in UnicodeString::doAppend()" } ] }
cnvd-2020-13862
Vulnerability from cnvd
Title: Google Chrome speech资源管理错误漏洞
Description:
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome 80.0.3987.116之前版本中的speech存在资源管理错误漏洞。远程攻击者可借助特制的网站利用该漏洞利用该漏洞执行任意代码或造成拒绝服务。
Severity: 高
Patch Name: Google Chrome speech资源管理错误漏洞的补丁
Patch Description:
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome 80.0.3987.116之前版本中的speech存在资源管理错误漏洞。远程攻击者可借助特制的网站利用该漏洞利用该漏洞执行任意代码或造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html
Reference: https://vigilance.fr/vulnerability/Google-Chrome-three-vulnerabilities-31658
Name | Google Chrome <80.0.3987.116 |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2020-6386" } }, "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome 80.0.3987.116\u4e4b\u524d\u7248\u672c\u4e2d\u7684speech\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2020-13862", "openTime": "2020-02-26", "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 80.0.3987.116\u4e4b\u524d\u7248\u672c\u4e2d\u7684speech\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Google Chrome speech\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Google Chrome \u003c80.0.3987.116" }, "referenceLink": "https://vigilance.fr/vulnerability/Google-Chrome-three-vulnerabilities-31658", "serverity": "\u9ad8", "submitTime": "2020-02-25", "title": "Google Chrome speech\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e" }
fkie_cve-2020-6386
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
chrome | * | ||
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "F130A48E-BC24-40BB-BAB9-AAD00410F45E", "versionEndExcluding": "80.0.3987.116", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." }, { "lang": "es", "value": "Un uso de la memoria previamente liberada en speech en Google Chrome versiones anteriores a 80.0.3987.116, permiti\u00f3 a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada." } ], "id": "CVE-2020-6386", "lastModified": "2024-11-21T05:35:37.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-27T23:15:12.467", "references": [ { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/1043603" }, { "source": "chrome-cve-admin@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" }, { "source": "chrome-cve-admin@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "source": "chrome-cve-admin@google.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/1043603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4638" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2020-6386
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-6386", "description": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GSD-2020-6386", "references": [ "https://www.debian.org/security/2020/dsa-4638", "https://access.redhat.com/errata/RHSA-2020:0738", "https://advisories.mageia.org/CVE-2020-6386.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-6386" ], "details": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GSD-2020-6386", "modified": "2023-12-13T01:21:55.275907Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-6386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "80.0.3987.116" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use after free" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "name": "https://crbug.com/1043603", "refsource": "MISC", "url": "https://crbug.com/1043603" }, { "name": "RHSA-2020:0738", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "name": "DSA-4638", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "FEDORA-2020-f6271d7afa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "80.0.3987.116", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-6386" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" }, { "name": "https://crbug.com/1043603", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://crbug.com/1043603" }, { "name": "RHSA-2020:0738", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0738" }, { "name": "DSA-4638", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "FEDORA-2020-f6271d7afa", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-03-31T17:13Z", "publishedDate": "2020-02-27T23:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.