RHSA-2019:3211
Vulnerability from csaf_redhat - Published: 2019-10-29 09:30 - Updated: 2025-11-21 18:10Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Critical
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
* chromium-browser: Use-after-free in media (CVE-2019-5870)
* chromium-browser: Heap overflow in Skia (CVE-2019-5871)
* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)
* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
* chromium-browser: Use-after-free in media (CVE-2019-5876)
* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
* chromium-browser: Use-after-free in V8 (CVE-2019-5878)
* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
* chromium-browser: Use-after-free in media (CVE-2019-13688)
* chromium-browser: Omnibox spoof (CVE-2019-13691)
* chromium-browser: SOP bypass (CVE-2019-13692)
* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
* chromium-browser: Use-after-free in audio (CVE-2019-13695)
* chromium-browser: Use-after-free in V8 (CVE-2019-13696)
* chromium-browser: Cross-origin size leak (CVE-2019-13697)
* chromium-browser: Extensions can read some local files (CVE-2019-5879)
* chromium-browser: SameSite cookie bypass (CVE-2019-5880)
* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
* chromium-browser: URL spoof (CVE-2019-13659)
* chromium-browser: Full screen notification overlap (CVE-2019-13660)
* chromium-browser: Full screen notification spoof (CVE-2019-13661)
* chromium-browser: CSP bypass (CVE-2019-13662)
* chromium-browser: IDN spoof (CVE-2019-13663)
* chromium-browser: CSRF bypass (CVE-2019-13664)
* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)
* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)
* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)
* chromium-browser: Global window leak via console (CVE-2019-13668)
* chromium-browser: HTTP authentication spoof (CVE-2019-13669)
* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)
* chromium-browser: IDN spoofing (CVE-2019-13674)
* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)
* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)
* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)
* chromium-browser: Download dialog spoofing (CVE-2019-13678)
* chromium-browser: User gesture needed for printing (CVE-2019-13679)
* chromium-browser: IP address spoofing to servers (CVE-2019-13680)
* chromium-browser: Bypass on download restrictions (CVE-2019-13681)
* chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
9.6 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
9.6 (Critical)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2019:3211
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es):\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files (CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3211",
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3211.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2025-11-21T18:10:39+00:00",
"generator": {
"date": "2025-11-21T18:10:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:3211",
"initial_release_date": "2019-10-29T09:30:00+00:00",
"revision_history": [
{
"date": "2019-10-29T09:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-10-29T09:30:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:10:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5870",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762366"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "RHBZ#1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5871",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762367"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Heap overflow in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "RHBZ#1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Heap overflow in Skia"
},
{
"cve": "CVE-2019-5872",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762368"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in Mojo",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "RHBZ#1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5872"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in Mojo"
},
{
"cve": "CVE-2019-5874",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762370"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: External URIs may trigger other browsers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "RHBZ#1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: External URIs may trigger other browsers"
},
{
"cve": "CVE-2019-5875",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762371"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL bar spoof via download redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "RHBZ#1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: URL bar spoof via download redirect"
},
{
"cve": "CVE-2019-5876",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762374"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "RHBZ#1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5877",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762375"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds access in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "RHBZ#1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds access in V8"
},
{
"cve": "CVE-2019-5878",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762376"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "RHBZ#1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-5879",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762377"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can read some local files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "RHBZ#1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Extensions can read some local files"
},
{
"cve": "CVE-2019-5880",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762378"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SameSite cookie bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "RHBZ#1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SameSite cookie bypass"
},
{
"cve": "CVE-2019-5881",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762379"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Arbitrary read in SwiftShader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "RHBZ#1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Arbitrary read in SwiftShader"
},
{
"cve": "CVE-2019-13659",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762380"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "RHBZ#1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13659",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13659"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URL spoof"
},
{
"cve": "CVE-2019-13660",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762381"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification overlap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "RHBZ#1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification overlap"
},
{
"cve": "CVE-2019-13661",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762382"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "RHBZ#1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13661",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13661"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification spoof"
},
{
"cve": "CVE-2019-13662",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762383"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "RHBZ#1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13662",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSP bypass"
},
{
"cve": "CVE-2019-13663",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762384"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "RHBZ#1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13663",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: IDN spoof"
},
{
"cve": "CVE-2019-13664",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762385"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSRF bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "RHBZ#1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSRF bypass"
},
{
"cve": "CVE-2019-13665",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762386"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple file download protection bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "RHBZ#1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple file download protection bypass"
},
{
"cve": "CVE-2019-13666",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762387"
}
],
"notes": [
{
"category": "description",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Side channel using storage size estimate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "RHBZ#1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13666"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Side channel using storage size estimate"
},
{
"cve": "CVE-2019-13667",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762388"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URI bar spoof when using external app URIs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "RHBZ#1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URI bar spoof when using external app URIs"
},
{
"cve": "CVE-2019-13668",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762389"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Global window leak via console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "RHBZ#1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13668",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Global window leak via console"
},
{
"cve": "CVE-2019-13669",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762390"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HTTP authentication spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "RHBZ#1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13669"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HTTP authentication spoof"
},
{
"cve": "CVE-2019-13670",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762391"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: V8 memory corruption in regex",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "RHBZ#1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13670",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13670"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: V8 memory corruption in regex"
},
{
"cve": "CVE-2019-13671",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762392"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Dialog box fails to show origin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "RHBZ#1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13671"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Dialog box fails to show origin"
},
{
"cve": "CVE-2019-13673",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762393"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin information leak using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "RHBZ#1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13673",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin information leak using devtools"
},
{
"cve": "CVE-2019-13674",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762394"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "RHBZ#1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IDN spoofing"
},
{
"cve": "CVE-2019-13675",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762395"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can be disabled by trailing slash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "RHBZ#1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Extensions can be disabled by trailing slash"
},
{
"cve": "CVE-2019-13676",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762396"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Google URI shown for certificate warning",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "RHBZ#1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Google URI shown for certificate warning"
},
{
"cve": "CVE-2019-13677",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762397"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Chrome web store origin needs to be isolated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "RHBZ#1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Chrome web store origin needs to be isolated"
},
{
"cve": "CVE-2019-13678",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762398"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Download dialog spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "RHBZ#1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Download dialog spoofing"
},
{
"cve": "CVE-2019-13679",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762399"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: User gesture needed for printing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "RHBZ#1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: User gesture needed for printing"
},
{
"cve": "CVE-2019-13680",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762400"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IP address spoofing to servers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "RHBZ#1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IP address spoofing to servers"
},
{
"cve": "CVE-2019-13681",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762401"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Bypass on download restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "RHBZ#1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Bypass on download restrictions"
},
{
"cve": "CVE-2019-13682",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762402"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Site isolation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "RHBZ#1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13682",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Site isolation bypass"
},
{
"cve": "CVE-2019-13683",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762403"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Exceptions leaked by devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "RHBZ#1762403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Exceptions leaked by devtools"
},
{
"cve": "CVE-2019-13685",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762473"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13685"
},
{
"category": "external",
"summary": "RHBZ#1762473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in UI"
},
{
"cve": "CVE-2019-13686",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762476"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in offline pages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13686"
},
{
"category": "external",
"summary": "RHBZ#1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in offline pages"
},
{
"cve": "CVE-2019-13687",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762475"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13687"
},
{
"category": "external",
"summary": "RHBZ#1762475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13688",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762474"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13688"
},
{
"category": "external",
"summary": "RHBZ#1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13688"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13691",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762372"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Omnibox spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13691"
},
{
"category": "external",
"summary": "RHBZ#1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Omnibox spoof"
},
{
"cve": "CVE-2019-13692",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762373"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SOP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13692"
},
{
"category": "external",
"summary": "RHBZ#1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: SOP bypass"
},
{
"cve": "CVE-2019-13693",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762518"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IndexedDB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13693"
},
{
"category": "external",
"summary": "RHBZ#1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IndexedDB"
},
{
"cve": "CVE-2019-13694",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762519"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in WebRTC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13694"
},
{
"category": "external",
"summary": "RHBZ#1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13694"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in WebRTC"
},
{
"cve": "CVE-2019-13695",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762520"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in audio",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13695"
},
{
"category": "external",
"summary": "RHBZ#1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in audio"
},
{
"cve": "CVE-2019-13696",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762521"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13696"
},
{
"category": "external",
"summary": "RHBZ#1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-13697",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762522"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin size leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13697"
},
{
"category": "external",
"summary": "RHBZ#1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13697",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin size leak"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…