Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 31: FEDORA-2019-9a5e81214f moderate: Chromium Security Fix

fedora
Calendar Grey October 26, 2019
Dist Fedora Esm H88
Fedora 31 sees Chromium update to version 77.0.3865.120, bringing along a host of security enhancements tackling vulnerabilities such as CSRF and phishing.
Chromium update to 77.0.3865.120

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Chromium update to 77.0.3865.120. For the upstream announcement see

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html.

* Mon Oct 14 2019 Tomas Popela - 77.0.3865.120-1

- Update to 77.0.3865.120

[ 1 ] Bug #1762385 - CVE-2019-13664 chromium-browser: CSRF bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762385

[ 2 ] Bug #1762384 - CVE-2019-13663 chromium-browser: IDN spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762384

[ 3 ] Bug #1762383 - CVE-2019-13662 chromium-browser: CSP bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762383

[ 4 ] Bug #1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762382

[ 5 ] Bug #1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap

https://bugzilla.redhat.com/show_bug.cgi?id=1762381

[ 6 ] Bug #1762380 - CVE-2019-13659 chromium-browser: URL spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762380

[ 7 ] Bug #1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader

https://bugzilla.redhat.com/show_bug.cgi?id=1762379

[ 8 ] Bug #1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762378

[ 9 ] Bug #1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files

https://bugzilla.redhat.com/show_bug.cgi?id=1762377

[ 10 ] Bug #1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1762376

[ 11 ] Bug #1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1762375

[ 12 ] Bug #1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media

https://bugzilla.redhat.com/show_bug.cgi?id=1762374

[ 13 ] Bug #1762373 - CVE-2019-13692 chromium-browser: SOP bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762373

[ 14 ] Bug #1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762372

[ 15 ] Bug #1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect

https://bugzilla.redhat.com/show_bug.cgi?id=1762371

[ 16 ] Bug #1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers

https://bugzilla.redhat.com/show_bug.cgi?id=1762370

[ 17 ] Bug #1762369 - CVE-2019-5873 chromium-browser: URL bar spoofing on iOS

https://bugzilla.redhat.com/show_bug.cgi?id=1762369

[ 18 ] Bug #1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo

https://bugzilla.redhat.com/show_bug.cgi?id=1762368

[ 19 ] Bug #1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia

https://bugzilla.redhat.com/show_bug.cgi?id=1762367

[ 20 ] Bug #1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media

https://bugzilla.redhat.com/show_bug.cgi?id=1762366

[ 21 ] Bug #1762403 - CVE-2019-13683 chromium-browser: Exceptions leaked by devtools

https://bugzilla.redhat.com/show_bug.cgi?id=1762403

[ 22 ] Bug #1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762402

[ 23 ] Bug #1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions

https://bugzilla.redhat.com/show_bug.cgi?id=1762401

[ 24 ] Bug #1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers

https://bugzilla.redhat.com/show_bug.cgi?id=1762400

[ 25 ] Bug #1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing

https://bugzilla.redhat.com/show_bug.cgi?id=1762399

[ 26 ] Bug #1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing

https://bugzilla.redhat.com/show_bug.cgi?id=1762398

[ 27 ] Bug #1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated

https://bugzilla.redhat.com/show_bug.cgi?id=1762397

[ 28 ] Bug #1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning

https://bugzilla.redhat.com/show_bug.cgi?id=1762396

[ 29 ] Bug #1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash

https://bugzilla.redhat.com/show_bug.cgi?id=1762395

[ 30 ] Bug #1762394 - CVE-2019-13674 chromium-browser: IDN spoofing

https://bugzilla.redhat.com/show_bug.cgi?id=1762394

[ 31 ] Bug #1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools

https://bugzilla.redhat.com/show_bug.cgi?id=1762393

[ 32 ] Bug #1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin

https://bugzilla.redhat.com/show_bug.cgi?id=1762392

[ 33 ] Bug #1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex

https://bugzilla.redhat.com/show_bug.cgi?id=1762391

[ 34 ] Bug #1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1762390

[ 35 ] Bug #1762389 - CVE-2019-13668 chromium-browser: Global window leak via console

https://bugzilla.redhat.com/show_bug.cgi?id=1762389

[ 36 ] Bug #1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs

https://bugzilla.redhat.com/show_bug.cgi?id=1762388

[ 37 ] Bug #1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate

https://bugzilla.redhat.com/show_bug.cgi?id=1762387

[ 38 ] Bug #1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1762386

su -c 'dnf upgrade --advisory FEDORA-2019-9a5e81214f' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update Fedora chromium CSRF bypass spoof

Change Log

References

Update Instructions

Product: Fedora 31
Version: 77.0.3865.120
Release: 1.fc31
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser

Topics%20covered

Topics Covered

security advisory update Fedora chromium CSRF bypass spoof

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here