VulnerableCode Package Details - pkg:rpm/redhat/chromium-browser@86.0.4240.111-1?arch=el6_10

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/chromium-browser@86.0.4240.111-1?arch=el6_10

Essentials
History (5)

purl	pkg:rpm/redhat/chromium-browser@86.0.4240.111-1?arch=el6_10

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-4d4y-ke13-xybe Aliases: CVE-2020-16002	Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-kemv-yxp8-j7ch Aliases: CVE-2020-16000	chromium-browser: Inappropriate implementation in Blink	There are no reported fixed by versions.
VCID-nx21-ks3v-53e4 Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62	Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d	There are no reported fixed by versions.
VCID-teaq-n85b-t3e2 Aliases: CVE-2020-16003	Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-vd3n-jecq-pfd7 Aliases: CVE-2020-16001	Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:04:13.543643+00:00	RedHat Importer	Affected by	VCID-nx21-ks3v-53e4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json	38.0.0
2026-04-01T14:04:11.684315+00:00	RedHat Importer	Affected by	VCID-teaq-n85b-t3e2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16003.json	38.0.0
2026-04-01T14:04:11.660597+00:00	RedHat Importer	Affected by	VCID-4d4y-ke13-xybe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16002.json	38.0.0
2026-04-01T14:04:11.632826+00:00	RedHat Importer	Affected by	VCID-vd3n-jecq-pfd7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16001.json	38.0.0
2026-04-01T14:04:11.608983+00:00	RedHat Importer	Affected by	VCID-kemv-yxp8-j7ch	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16000.json	38.0.0