Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Red Hat: RHSA-2018-2666-01 Important: Chromium-Browser Security Fix

red hat
Calendar Grey September 10, 2018
Scroller Redhat
Keep informed about the essential chromium-browser security patches for Red Hat Linux. Discover important vulnerabilities and their corresponding fixes.
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 69.0.3497.81.
Security Fix(es):
* chromium-browser: Out of bounds write in V8 (CVE-2018-16065)
* chromium-browser: Out of bounds read in Blink (CVE-2018-16066)
* chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)
* chromium-browser: Out of bounds write in Mojo (CVE-2018-16068)
* chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)
* chromium-browser: Integer overflow in Skia (CVE-2018-16070)
* chromium-browser: Use after free in WebRTC (CVE-2018-16071)
* chromium-browser: Site Isolation bypass after tab restore (CVE-2018-16073)
* chromium-browser: Site Isolation bypass using Blob URLS (CVE-2018-16074)
* chromium-browser: Local file access in Blink (CVE-2018-16075)
* chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)
* chromium-browser: Content security policy bypass in Blink (CVE-2018-16077)
* chromium-browser: Credit card information leak in Autofill (CVE-2018-16078)
* chromium-browser: URL spoof in permission dialogs (CVE-2018-16079)
* chromium-browser: URL spoof in full screen mode (CVE-2018-16080)
* chromium-browser: Local file access in DevTools (CVE-2018-16081)
* chromium-browser: Stack buffer overflow in SwiftShader (CVE-2018-16082)
* chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)
* chromium-browser: User confirmation bypass in external protocol handling (CVE-2018-16084)
* chromium-browser: Use after free in Memory Instrumentation (CVE-2018-16085)
* chromium-browser: Script injection in New Tab Page (CVE-2018-16086)
* chromium-browser: Multiple download restriction bypass (CVE-2018-16087)
* chromium-browser: User gesture requirement bypass (CVE-2018-16088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2018-16065 https://access.redhat.com/security/cve/CVE-2018-16066 https://access.redhat.com/security/cve/CVE-2018-16067 https://access.redhat.com/security/cve/CVE-2018-16068 https://access.redhat.com/security/cve/CVE-2018-16069 https://access.redhat.com/security/cve/CVE-2018-16070 https://access.redhat.com/security/cve/CVE-2018-16071 https://access.redhat.com/security/cve/CVE-2018-16073 https://access.redhat.com/security/cve/CVE-2018-16074 https://access.redhat.com/security/cve/CVE-2018-16075 https://access.redhat.com/security/cve/CVE-2018-16076 https://access.redhat.com/security/cve/CVE-2018-16077 https://access.redhat.com/security/cve/CVE-2018-16078 https://access.redhat.com/security/cve/CVE-2018-16079 https://access.redhat.com/security/cve/CVE-2018-16080 https://access.redhat.com/security/cve/CVE-2018-16081 https://access.redhat.com/security/cve/CVE-2018-16082 https://access.redhat.com/security/cve/CVE-2018-16083 https://access.redhat.com/security/cve/CVE-2018-16084 https://access.redhat.com/security/cve/CVE-2018-16085 https://access.redhat.com/security/cve/CVE-2018-16086 https://access.redhat.com/security/cve/CVE-2018-16087 https://access.redhat.com/security/cve/CVE-2018-16088 Read the Full Advisory

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-69.0.3497.81-1.el6_10.i686.rpm chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm
x86_64: chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-69.0.3497.81-1.el6_10.i686.rpm chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm
x86_64: chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-69.0.3497.81-1.el6_10.i686.rpm chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm
x86_64: chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2018:2666-01
Product: Red Hat Enterprise Linux Supplementary
Issue date: 2018-09-10

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

Bugs Fixed

1625466 - CVE-2018-16065 chromium-browser: Out of bounds write in V8

1625467 - CVE-2018-16066 chromium-browser: Out of bounds read in Blink

1625469 - CVE-2018-16067 chromium-browser: Out of bounds read in WebAudio

1625470 - CVE-2018-16068 chromium-browser: Out of bounds write in Mojo

1625471 - CVE-2018-16069 chromium-browser: Out of bounds read in SwiftShader

1625472 - CVE-2018-16070 chromium-browser: Integer overflow in Skia

1625473 - CVE-2018-16071 chromium-browser: Use after free in WebRTC

1625475 - CVE-2018-16073 chromium-browser: Site Isolation bypass after tab restore

1625476 - CVE-2018-16074 chromium-browser: Site Isolation bypass using Blob URLS

1625477 - CVE-2018-16075 chromium-browser: Local file access in Blink

1625478 - CVE-2018-16076 chromium-browser: Out of bounds read in PDFium

1625479 - CVE-2018-16077 chromium-browser: Content security policy bypass in Blink

1625480 - CVE-2018-16078 chromium-browser: Credit card information leak in Autofill

1625481 - CVE-2018-16079 chromium-browser: URL spoof in permission dialogs

1625482 - CVE-2018-16080 chromium-browser: URL spoof in full screen mode

1625484 - CVE-2018-16081 chromium-browser: Local file access in DevTools

1625485 - CVE-2018-16082 chromium-browser: Stack buffer overflow in SwiftShader

1625486 - CVE-2018-16083 chromium-browser: Out of bounds read in WebRTC

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.