RHSA-2017:2676
Vulnerability from csaf_redhat - Published: 2017-09-12 03:41 - Updated: 2025-11-21 18:02Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Important
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 61.0.3163.79.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2017:2676
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 61.0.3163.79.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2676",
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
},
{
"category": "external",
"summary": "1488772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488772"
},
{
"category": "external",
"summary": "1488773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488773"
},
{
"category": "external",
"summary": "1488774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488774"
},
{
"category": "external",
"summary": "1488775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488775"
},
{
"category": "external",
"summary": "1488776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488776"
},
{
"category": "external",
"summary": "1488777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488777"
},
{
"category": "external",
"summary": "1488778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488778"
},
{
"category": "external",
"summary": "1488779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488779"
},
{
"category": "external",
"summary": "1488781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488781"
},
{
"category": "external",
"summary": "1488782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488782"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2676.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2025-11-21T18:02:15+00:00",
"generator": {
"date": "2025-11-21T18:02:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2017:2676",
"initial_release_date": "2017-09-12T03:41:27+00:00",
"revision_history": [
{
"date": "2017-09-12T03:41:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-09-12T03:41:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:02:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"product_id": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@61.0.3163.79-2.el6_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"product": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"product_id": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@61.0.3163.79-2.el6_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"product": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"product_id": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@61.0.3163.79-2.el6_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"product": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"product_id": "chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@61.0.3163.79-2.el6_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686"
},
"product_reference": "chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64"
},
"product_reference": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686"
},
"product_reference": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686"
},
"product_reference": "chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64"
},
"product_reference": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686"
},
"product_reference": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686"
},
"product_reference": "chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64"
},
"product_reference": "chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686"
},
"product_reference": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5111",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488772"
}
],
"notes": [
{
"category": "description",
"text": "A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5111"
},
{
"category": "external",
"summary": "RHBZ#1488772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5111"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2017-5112",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488773"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap buffer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5112"
},
{
"category": "external",
"summary": "RHBZ#1488773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5112",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5112"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5112",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5112"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap buffer overflow in webgl"
},
{
"cve": "CVE-2017-5113",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488774"
}
],
"notes": [
{
"category": "description",
"text": "Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap buffer overflow in skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5113"
},
{
"category": "external",
"summary": "RHBZ#1488774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5113",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5113"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5113",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5113"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap buffer overflow in skia"
},
{
"cve": "CVE-2017-5114",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488775"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: memory lifecycle issue in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5114"
},
{
"category": "external",
"summary": "RHBZ#1488775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488775"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5114",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5114"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: memory lifecycle issue in pdfium"
},
{
"cve": "CVE-2017-5115",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488776"
}
],
"notes": [
{
"category": "description",
"text": "Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5115"
},
{
"category": "external",
"summary": "RHBZ#1488776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5115"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: type confusion in v8"
},
{
"cve": "CVE-2017-5116",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488777"
}
],
"notes": [
{
"category": "description",
"text": "Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5116"
},
{
"category": "external",
"summary": "RHBZ#1488777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5116"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: type confusion in v8"
},
{
"cve": "CVE-2017-5117",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488778"
}
],
"notes": [
{
"category": "description",
"text": "Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use of uninitialized value in skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5117"
},
{
"category": "external",
"summary": "RHBZ#1488778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5117"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5117",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5117"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use of uninitialized value in skia"
},
{
"cve": "CVE-2017-5118",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488779"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: bypass of content security policy in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5118"
},
{
"category": "external",
"summary": "RHBZ#1488779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5118",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5118"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5118",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5118"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: bypass of content security policy in blink"
},
{
"cve": "CVE-2017-5119",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488781"
}
],
"notes": [
{
"category": "description",
"text": "Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use of uninitialized value in skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5119"
},
{
"category": "external",
"summary": "RHBZ#1488781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5119",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5119"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use of uninitialized value in skia"
},
{
"cve": "CVE-2017-5120",
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1488782"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial \"www.\" substring).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: potential https downgrade during redirect navigation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5120"
},
{
"category": "external",
"summary": "RHBZ#1488782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5120",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5120"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5120",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5120"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-09-12T03:41:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:61.0.3163.79-2.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:61.0.3163.79-2.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: potential https downgrade during redirect navigation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…