Red Hat: RHSA-2019-1021 Important Security Update for Chromium Browser

red hat

May 7, 2019

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 74.0.3729.108.
Security Fix(es):
* chromium-browser: Use after free in PDFium (CVE-2019-5805)
* chromium-browser: Integer overflow in Angle (CVE-2019-5806)
* chromium-browser: Memory corruption in V8 (CVE-2019-5807)
* chromium-browser: Use after free in Blink (CVE-2019-5808)
* chromium-browser: Use after free in Blink (CVE-2019-5809)
* chromium-browser: User information disclosure in Autofill (CVE-2019-5810)
* chromium-browser: CORS bypass in Blink (CVE-2019-5811)
* chromium-browser: Out of bounds read in V8 (CVE-2019-5813)
* chromium-browser: CORS bypass in Blink (CVE-2019-5814)
* chromium-browser: Heap buffer overflow in Blink (CVE-2019-5815)
* chromium-browser: Uninitialized value in media reader (CVE-2019-5818)
* chromium-browser: Incorrect escaping in developer tools (CVE-2019-5819)
* chromium-browser: Integer overflow in PDFium (CVE-2019-5820)
* chromium-browser: Integer overflow in PDFium (CVE-2019-5821)
* chromium-browser: CORS bypass in download manager (CVE-2019-5822)
* chromium-browser: Forced navigation from service worker (CVE-2019-5823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics Covered

security advisory red hat security fix important linux browser update chromium

References

https://access.redhat.com/security/cve/CVE-2019-5805 https://access.redhat.com/security/cve/CVE-2019-5806 https://access.redhat.com/security/cve/CVE-2019-5807 https://access.redhat.com/security/cve/CVE-2019-5808 https://access.redhat.com/security/cve/CVE-2019-5809 https://access.redhat.com/security/cve/CVE-2019-5810 https://access.redhat.com/security/cve/CVE-2019-5811 https://access.redhat.com/security/cve/CVE-2019-5813 https://access.redhat.com/security/cve/CVE-2019-5814 https://access.redhat.com/security/cve/CVE-2019-5815 https://access.redhat.com/security/cve/CVE-2019-5818 https://access.redhat.com/security/cve/CVE-2019-5819 https://access.redhat.com/security/cve/CVE-2019-5820 https://access.redhat.com/security/cve/CVE-2019-5821 https://access.redhat.com/security/cve/CVE-2019-5822 https://access.redhat.com/security/cve/CVE-2019-5823 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-74.0.3729.108-1.el6_10.i686.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.i686.rpm
i686: chromium-browser-74.0.3729.108-1.el6_10.i686.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.i686.rpm
x86_64: chromium-browser-74.0.3729.108-1.el6_10.x86_64.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-74.0.3729.108-1.el6_10.i686.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.i686.rpm
x86_64: chromium-browser-74.0.3729.108-1.el6_10.x86_64.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-74.0.3729.108-1.el6_10.i686.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.i686.rpm
i686: chromium-browser-74.0.3729.108-1.el6_10.i686.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.i686.rpm
x86_64: chromium-browser-74.0.3729.108-1.el6_10.x86_64.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-74.0.3729.108-1.el6_10.i686.rpm chromium-browser-debuginfo-74.0.3729.108-1.el6_10.i686.rpm
i686:

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Advisory ID: RHSA-2019:1021-01

Product: Red Hat Enterprise Linux Supplementary

Advisory URL: https://access.redhat.com/errata/RHSA-2019:1021

Issue date: 2019-05-07

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics Covered

security advisory red hat security fix important linux browser update chromium

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

Bugs Fixed

1702895 - CVE-2019-5805 chromium-browser: Use after free in PDFium

1702896 - CVE-2019-5806 chromium-browser: Integer overflow in Angle

1702897 - CVE-2019-5807 chromium-browser: Memory corruption in V8

1702898 - CVE-2019-5808 chromium-browser: Use after free in Blink

1702899 - CVE-2019-5809 chromium-browser: Use after free in Blink

1702900 - CVE-2019-5810 chromium-browser: User information disclosure in Autofill

1702901 - CVE-2019-5811 chromium-browser: CORS bypass in Blink

1702903 - CVE-2019-5813 chromium-browser: Out of bounds read in V8

1702904 - CVE-2019-5814 chromium-browser: CORS bypass in Blink

1702905 - CVE-2019-5815 chromium-browser: Heap buffer overflow in Blink

1702908 - CVE-2019-5818 chromium-browser: Uninitialized value in media reader

1702909 - CVE-2019-5819 chromium-browser: Incorrect escaping in developer tools

1702910 - CVE-2019-5820 chromium-browser: Integer overflow in PDFium

1702911 - CVE-2019-5821 chromium-browser: Integer overflow in PDFium

1702912 - CVE-2019-5822 chromium-browser: CORS bypass in download manager

1702913 - CVE-2019-5823 chromium-browser: Forced navigation from service worker

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat: RHSA-2019-1021 Important Security Update for Chromium Browser

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat: RHSA-2019-1021 Important Security Update for Chromium Browser

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!