
Fedora 31: 2019-5975f6ca93 moderate: Chromium Browser Exploits Fixed

fedora
November 6, 2019
Chromium 79 addresses multiple concerns, including critical security flaws and improvements tailored for Ubuntu participants.
Chromium 78

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Chromium 78. Fixes these: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-13691 CVE-2019-13692 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683

* Wed Oct 23 2019 Tom Callaway - 78.0.3904.80-1

- update to 78.0.3904.80

* Wed Oct 16 2019 Tom Callaway - 77.0.3865.120-4

- upstream fix for zlib symbol exports with gcc

* Wed Oct 16 2019 Tom Callaway - 77.0.3865.120-3

- silence outdated build noise (bz1745745)

* Tue Oct 15 2019 Tom Callaway - 77.0.3865.120-2

- fix node handling for EPEL-8

* Mon Oct 14 2019 Tomas Popela - 77.0.3865.120-1

- Update to 77.0.3865.120

* Thu Oct 10 2019 Tom Callaway - 77.0.3865.90-4

- enable aarch64 for EPEL-8

* Wed Oct 9 2019 Tom Callaway - 77.0.3865.90-3

- spec cleanups and changes to make EPEL8 try to build

[ 1 ] Bug #1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762402

[ 2 ] Bug #1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions

https://bugzilla.redhat.com/show_bug.cgi?id=1762401

[ 3 ] Bug #1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers

https://bugzilla.redhat.com/show_bug.cgi?id=1762400

[ 4 ] Bug #1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing

https://bugzilla.redhat.com/show_bug.cgi?id=1762399

[ 5 ] Bug #1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing

https://bugzilla.redhat.com/show_bug.cgi?id=1762398

[ 6 ] Bug #1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated

https://bugzilla.redhat.com/show_bug.cgi?id=1762397

[ 7 ] Bug #1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning

https://bugzilla.redhat.com/show_bug.cgi?id=1762396

[ 8 ] Bug #1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash

https://bugzilla.redhat.com/show_bug.cgi?id=1762395

[ 9 ] Bug #1762394 - CVE-2019-13674 chromium-browser: IDN spoofing

https://bugzilla.redhat.com/show_bug.cgi?id=1762394

[ 10 ] Bug #1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools

https://bugzilla.redhat.com/show_bug.cgi?id=1762393

[ 11 ] Bug #1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin

https://bugzilla.redhat.com/show_bug.cgi?id=1762392

[ 12 ] Bug #1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex

https://bugzilla.redhat.com/show_bug.cgi?id=1762391

[ 13 ] Bug #1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762390

[ 14 ] Bug #1762389 - CVE-2019-13668 chromium-browser: Global window leak via console

https://bugzilla.redhat.com/show_bug.cgi?id=1762389

[ 15 ] Bug #1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs

https://bugzilla.redhat.com/show_bug.cgi?id=1762388

[ 16 ] Bug #1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate

https://bugzilla.redhat.com/show_bug.cgi?id=1762387

[ 17 ] Bug #1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762386

[ 18 ] Bug #1762385 - CVE-2019-13664 chromium-browser: CSRF bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762385

[ 19 ] Bug #1762384 - CVE-2019-13663 chromium-browser: IDN spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762384

[ 20 ] Bug #1762383 - CVE-2019-13662 chromium-browser: CSP bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762383

[ 21 ] Bug #1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762382

[ 22 ] Bug #1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap

https://bugzilla.redhat.com/show_bug.cgi?id=1762381

[ 23 ] Bug #1762380 - CVE-2019-13659 chromium-browser: URL spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762380

[ 24 ] Bug #1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader

https://bugzilla.redhat.com/show_bug.cgi?id=1762379

[ 25 ] Bug #1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762378

[ 26 ] Bug #1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files

https://bugzilla.redhat.com/show_bug.cgi?id=1762377

[ 27 ] Bug #1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1762376

[ 28 ] Bug #1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1762375

[ 29 ] Bug #1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media

https://bugzilla.redhat.com/show_bug.cgi?id=1762374

[ 30 ] Bug #1762373 - CVE-2019-13692 chromium-browser: SOP bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762373

[ 31 ] Bug #1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762372

[ 32 ] Bug #1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect

https://bugzilla.redhat.com/show_bug.cgi?id=1762371

[ 33 ] Bug #1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers

https://bugzilla.redhat.com/show_bug.cgi?id=1762370

[ 34 ] Bug #1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo

https://bugzilla.redhat.com/show_bug.cgi?id=1762368

[ 35 ] Bug #1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia

https://bugzilla.redhat.com/show_bug.cgi?id=1762367

[ 36 ] Bug #1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media

https://bugzilla.redhat.com/show_bug.cgi?id=1762366

Run su -c 'dnf upgrade --advisory FEDORA-2019-5975f6ca93' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Product: Fedora 31
Version: 78.0.3904.70
Release: 1.fc31
Summary: A WebKit (Blink) powered web browser
