CVE-2018-6055 (GCVE-0-2018-6055)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
References
- https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
- https://crbug.com/791003
- http://www.securityfocus.com/bid/105516
rhsa-2018:0265
Vulnerability from csaf_redhat
Published
2018-02-01 16:06
Modified
2025-08-04 12:00
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 64.0.3282.119.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)
* To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", this update reduces the precision of the timing data provided by the Date object and the performance.now() API, and the V8 JavaScript engine now uses masking of certain addresses and array or string indices.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "category": "description", "text": "Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: race when opening downloaded files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6033" }, { "category": "external", "summary": "RHBZ#1538505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538505" }, { "category": "external", 
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6033", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6033" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: race when opening downloaded files" }, { "cve": "CVE-2018-6034", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538506" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", "title": "Vulnerability 
description" }, { "category": "summary", "text": "chromium-browser: integer overflow in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6034" }, { "category": "external", "summary": "RHBZ#1538506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6034", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6034" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6034", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6034" 
}, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": 
"NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: integer overflow in blink" }, { "cve": "CVE-2018-6035", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538507" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: insufficient isolation of devtools from extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, 
and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6035" }, { "category": "external", "summary": "RHBZ#1538507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538507" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6035", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6035" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": 
"2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: insufficient isolation of devtools from extensions" }, { "cve": "CVE-2018-6036", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538508" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: integer underflow in webassembly", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6036" }, { "category": "external", "summary": "RHBZ#1538508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538508" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6036", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6036" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6036", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6036" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: integer underflow in webassembly" }, { "cve": "CVE-2018-6037", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538509" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: insufficient user gesture requirements in autofill", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6037" }, { "category": "external", "summary": "RHBZ#1538509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538509" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6037", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6037" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6037", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6037" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes 
to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: insufficient user gesture requirements in autofill" }, { "cve": "CVE-2018-6038", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538510" } ], "notes": [ { "category": "description", "text": "Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: heap buffer overflow in webgl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6038" }, { "category": "external", "summary": "RHBZ#1538510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538510" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6038", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6038" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6038", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6038" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: heap buffer overflow in webgl" }, { "cve": "CVE-2018-6039", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538511" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: xss in devtools", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6039" }, { "category": "external", "summary": "RHBZ#1538511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6039", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6039" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: xss in devtools" }, { "cve": "CVE-2018-6040", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538512" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: content security policy bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6040" }, { "category": "external", "summary": "RHBZ#1538512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538512" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6040" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: content security policy bypass" }, { "cve": "CVE-2018-6041", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538513" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: url spoof in navigation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6041" }, { "category": "external", "summary": "RHBZ#1538513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538513" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6041", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6041" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: url spoof in navigation" }, { 
"cve": "CVE-2018-6042", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538514" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: url spoof in omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6042" }, { "category": 
"external", "summary": "RHBZ#1538514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538514" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6042" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: url spoof in omnibox" }, { "cve": "CVE-2018-6043", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538515" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in External Protocol Handler in Google 
Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: insufficient escaping with external url handlers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6043" }, { "category": "external", "summary": "RHBZ#1538515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6043", "url": 
"https://www.cve.org/CVERecord?id=CVE-2018-6043" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6043", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6043" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": 
"LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: insufficient escaping with external url handlers" }, { "cve": "CVE-2018-6045", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538516" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: insufficient 
isolation of devtools from extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6045" }, { "category": "external", "summary": "RHBZ#1538516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538516" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6045", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6045" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6045", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6045" }, { "category": "external", "summary": 
"https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: insufficient isolation of devtools from extensions" }, { "cve": "CVE-2018-6046", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538517" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: insufficient isolation of devtools from extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are 
included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6046" }, { "category": "external", "summary": "RHBZ#1538517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538517" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6046", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6046" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": 
"2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: insufficient isolation of devtools from extensions" }, { "cve": "CVE-2018-6047", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538518" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: cross origin url leak in webgl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6047" }, { "category": "external", "summary": "RHBZ#1538518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6047", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6047" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: cross origin url leak in webgl" }, { "cve": "CVE-2018-6048", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538519" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: referrer policy bypass in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6048" }, { "category": "external", "summary": "RHBZ#1538519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6048", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6048" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ 
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: referrer policy bypass in blink" }, { "cve": "CVE-2018-6049", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538520" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: ui spoof in permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6049" }, { "category": "external", "summary": "RHBZ#1538520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6049", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6049" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: ui spoof in permissions" }, { "cve": "CVE-2018-6050", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538522" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: url spoof in omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6050" }, { "category": "external", "summary": "RHBZ#1538522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6050", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6050" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6050", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6050" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: url spoof in omnibox" }, { "cve": "CVE-2018-6051", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538523" } ], "notes": [ { "category": "description", "text": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: referrer leak in xss auditor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6051" }, { "category": "external", "summary": "RHBZ#1538523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6051", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6051" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6051", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6051" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: referrer leak in xss auditor" }, { "cve": "CVE-2018-6052", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538524" } ], "notes": [ { "category": "description", "text": "Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: incomplete no-referrer policy implementation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6052" }, { "category": "external", "summary": "RHBZ#1538524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6052", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6052" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: incomplete no-referrer policy implementation" }, { "cve": "CVE-2018-6053", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538525" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: leak of page thumbnails in new tab page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6053" }, { "category": "external", "summary": "RHBZ#1538525", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538525" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6053", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6053" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": 
"impact", "details": "Low" } ], "title": "chromium-browser: leak of page thumbnails in new tab page" }, { "cve": "CVE-2018-6054", "discovery_date": "2018-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538526" } ], "notes": [ { "category": "description", "text": "Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in webui", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6054" }, { "category": "external", "summary": "RHBZ#1538526", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538526" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6054", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6054" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6054", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6054" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "release_date": "2018-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: use after free in webui" }, { "cve": "CVE-2018-6055", "discovery_date": "2018-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1633393" } ], "notes": [ { "category": 
"description", "text": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in Catalog Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6055" }, { "category": "external", "summary": "RHBZ#1633393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633393" }, { "category": 
"external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6055", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6055" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055" } ], "release_date": "2018-09-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Insufficient policy enforcement in Catalog Service" }, { "cve": "CVE-2018-6119", "discovery_date": "2018-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1633390" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Spoof of contents of the Omnibox (URL bar) via a crafted HTML page", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) 
listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6119" }, { "category": "external", "summary": "RHBZ#1633390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6119" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6119", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6119" } ], "release_date": "2018-09-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-02-01T16:06:57+00:00", "details": "For details on how to apply this 
update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0265" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Spoof of contents of the Omnibox (URL bar) via a crafted HTML page" } ] }
gsd-2018-6055
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
Aliases
{ "GSD": { "alias": "CVE-2018-6055", "description": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.", "id": "GSD-2018-6055", "references": [ "https://access.redhat.com/errata/RHSA-2018:0265", "https://packetstormsecurity.com/files/cve/CVE-2018-6055" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-6055" ], "details": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.", "id": "GSD-2018-6055", "modified": "2023-12-13T01:22:35.663183Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2018-6055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "64.0.3282.119" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" }, { "name": "https://crbug.com/791003", "refsource": "CONFIRM", "url": "https://crbug.com/791003" }, { "name": "105516", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105516" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "64.0.3282.119", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2018-6055" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/791003", "refsource": "CONFIRM", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://crbug.com/791003" }, { "name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" }, { "name": "105516", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105516" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2018-11-20T16:33Z", "publishedDate": "2018-09-25T14:29Z" } } }
fkie_cve-2018-6055
Vulnerability from fkie_nvd
Published
2018-09-25 14:29
Modified
2024-11-21 04:09
Summary
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
References
Source | URL | Tags |
---|---|---|
chrome-cve-admin@google.com | http://www.securityfocus.com/bid/105516 | |
chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html | |
chrome-cve-admin@google.com | https://crbug.com/791003 | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105516 | |
af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html | |
af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/791003 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA764B9B-8048-4775-A9F7-3DD41AA467A7", "versionEndExcluding": "64.0.3282.119", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page." }, { "lang": "es", "value": "Aplicaci\u00f3n de pol\u00edticas insuficiente en Catalog Service en Google Chrome en versiones anteriores a la 64.0.3282.119 permit\u00eda que un atacante remoto ejecutase c\u00f3digo arbitrario fuera del sandbox mediante una p\u00e1gina HTML manipulada." } ], "id": "CVE-2018-6055", "lastModified": "2024-11-21T04:09:58.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-25T14:29:04.227", 
"references": [ { "source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/105516" }, { "source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" }, { "source": "chrome-cve-admin@google.com", "url": "https://crbug.com/791003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/105516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/791003" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-m6qv-gwg5-63c6
Vulnerability from github
Published
2022-05-14 01:57
Modified
2022-05-14 01:57
Details
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2018-6055" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-09-25T14:29:00Z", "severity": "HIGH" }, "details": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.", "id": "GHSA-m6qv-gwg5-63c6", "modified": "2022-05-14T01:57:54Z", "published": "2022-05-14T01:57:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" }, { "type": "WEB", "url": "https://crbug.com/791003" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/105516" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.