Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Red Hat: RHSA-2019-0708-01 Important Chromium-Browser Security Fix

red hat
Calendar Grey April 8, 2019
Dist Redhat Esm H88
The latest patch for chrome-browser tackles significant vulnerabilities within Red Hat Enterprise Linux.
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 73.0.3683.75.
Security Fix(es):
* chromium-browser: Use after free in Canvas (CVE-2019-5787)
* chromium-browser: Use after free in FileAPI (CVE-2019-5788)
* chromium-browser: Use after free in WebMIDI (CVE-2019-5789)
* chromium-browser: Heap buffer overflow in V8 (CVE-2019-5790)
* chromium-browser: Type confusion in V8 (CVE-2019-5791)
* chromium-browser: Integer overflow in PDFium (CVE-2019-5792)
* chromium-browser: Excessive permissions for private API in Extensions (CVE-2019-5793)
* chromium-browser: Security UI spoofing (CVE-2019-5794)
* chromium-browser: Integer overflow in PDFium (CVE-2019-5795)
* chromium-browser: Race condition in Extensions (CVE-2019-5796)
* chromium-browser: Race condition in DOMStorage (CVE-2019-5797)
* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
* chromium-browser: CSP bypass with blob URL (CVE-2019-5799)
* chromium-browser: CSP bypass with blob URL (CVE-2019-5800)
* chromium-browser: Security UI spoofing (CVE-2019-5802)
* chromium-browser: CSP bypass with Javascript URLs (CVE-2019-5803)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2019-5787 https://access.redhat.com/security/cve/CVE-2019-5788 https://access.redhat.com/security/cve/CVE-2019-5789 https://access.redhat.com/security/cve/CVE-2019-5790 https://access.redhat.com/security/cve/CVE-2019-5791 https://access.redhat.com/security/cve/CVE-2019-5792 https://access.redhat.com/security/cve/CVE-2019-5793 https://access.redhat.com/security/cve/CVE-2019-5794 https://access.redhat.com/security/cve/CVE-2019-5795 https://access.redhat.com/security/cve/CVE-2019-5796 https://access.redhat.com/security/cve/CVE-2019-5797 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-5799 https://access.redhat.com/security/cve/CVE-2019-5800 https://access.redhat.com/security/cve/CVE-2019-5802 https://access.redhat.com/security/cve/CVE-2019-5803 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-73.0.3683.75-1.el6_10.i686.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.i686.rpm
i686: chromium-browser-73.0.3683.75-1.el6_10.i686.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.i686.rpm
x86_64: chromium-browser-73.0.3683.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-73.0.3683.75-1.el6_10.i686.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.i686.rpm
x86_64: chromium-browser-73.0.3683.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-73.0.3683.75-1.el6_10.i686.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.i686.rpm
i686: chromium-browser-73.0.3683.75-1.el6_10.i686.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.i686.rpm
x86_64: chromium-browser-73.0.3683.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-73.0.3683.75-1.el6_10.i686.rpm chromium-browser-debuginfo-73.0.3683.75-1.el6_10.i686.rpm
i686:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:0708-01
Product: Red Hat Enterprise Linux Supplementary
Issue date: 2019-04-08

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

Bugs Fixed

1688189 - CVE-2019-5787 chromium-browser: Use after free in Canvas

1688190 - CVE-2019-5788 chromium-browser: Use after free in FileAPI

1688191 - CVE-2019-5789 chromium-browser: Use after free in WebMIDI

1688192 - CVE-2019-5790 chromium-browser: Heap buffer overflow in V8

1688193 - CVE-2019-5791 chromium-browser: Type confusion in V8

1688194 - CVE-2019-5792 chromium-browser: Integer overflow in PDFium

1688195 - CVE-2019-5793 chromium-browser: Excessive permissions for private API in Extensions

1688196 - CVE-2019-5794 chromium-browser: Security UI spoofing

1688197 - CVE-2019-5795 chromium-browser: Integer overflow in PDFium

1688198 - CVE-2019-5796 chromium-browser: Race condition in Extensions

1688199 - CVE-2019-5797 chromium-browser: Race condition in DOMStorage

1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia

1688201 - CVE-2019-5799 chromium-browser: CSP bypass with blob URL

1688202 - CVE-2019-5800 chromium-browser: CSP bypass with blob URL

1688204 - CVE-2019-5802 chromium-browser: Security UI spoofing

1688205 - CVE-2019-5803 chromium-browser: CSP bypass with Javascript URLs

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.