Bug 1165654 (CVE-2014-7905)

Summary: CVE-2014-7905 chromium-browser: Flaw allowing navigation to intents that do not have the BROWSABLE category
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: huzaifas, jgrulich, jreznik, kalevlember, kevin, kevin, ltinkl, martin.sourada, mathstuf, mclasen, mtasaka, rdieter, rnovacek, than, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20141118,reported=20141119,source=internet,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/chromium-browser=notaffected
Fixed In Version: Chrome 39.0.2171.65 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-20 05:37:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1165665    

Description Vasyl Kaigorodov 2014-11-19 12:44:46 UTC
Unspecified vulnerability was found [1] that allow navigation to entities that do not have the BROWSABLE category

[1]: https://code.google.com/p/chromium/issues/detail?id=421817

External References:

http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html

Comment 2 Huzaifa S. Sidhpurwala 2014-11-20 05:36:48 UTC
Upstream bug suggests that this issue is android only.

Statement:

Not vulnerable. This issue does not affect the version of chromium-browser as shipped with Red Hat Enterprise Linux 6.