Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 76.0.3809.87.
Security Fix(es):
* chromium-browser: Use-after-free in offline page fetcher (CVE-2019-5850)
* chromium-browser: Use-after-poison in offline audio context
(CVE-2019-5851)
* chromium-browser: Memory corruption in regexp length check
(CVE-2019-5853)
* chromium-browser: res: URIs can load alternative browsers (CVE-2019-5859)
* chromium-browser: Use-after-free in PDFium (CVE-2019-5860)
* chromium-browser: Integer overflow in PDFium (CVE-2019-5855)
* chromium-browser: Insufficient checks on filesystem: URI permissions
(CVE-2019-5856)
* chromium-browser: Site isolation bypass from compromised renderer
(CVE-2019-5865)
* chromium-browser: Object leak of utility functions (CVE-2019-5852)
* chromium-browser: Integer overflow in PDFium text rendering
(CVE-2019-5854)
* chromium-browser: Comparison of -0 and null yields crash (CVE-2019-5857)
* chromium-browser: Insufficient filtering of Open URL service parameters(CVE-2019-5858)
* chromium-browser: Click location incorrectly checked (CVE-2019-5861)
* chromium-browser: AppCache not robust to compromised renderers(CVE-2019-5862)
* chromium-browser: Insufficient port filtering in CORS for extensions
(CVE-2019-5864)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2019-5850 https://access.redhat.com/security/cve/CVE-2019-5851 https://access.redhat.com/security/cve/CVE-2019-5852 https://access.redhat.com/security/cve/CVE-2019-5853 https://access.redhat.com/security/cve/CVE-2019-5854 https://access.redhat.com/security/cve/CVE-2019-5855 https://access.redhat.com/security/cve/CVE-2019-5856 https://access.redhat.com/security/cve/CVE-2019-5857 https://access.redhat.com/security/cve/CVE-2019-5858 https://access.redhat.com/security/cve/CVE-2019-5859 https://access.redhat.com/security/cve/CVE-2019-5860 https://access.redhat.com/security/cve/CVE-2019-5861 https://access.redhat.com/security/cve/CVE-2019-5862 https://access.redhat.com/security/cve/CVE-2019-5864 https://access.redhat.com/security/cve/CVE-2019-5865 https://access.redhat.com/security/updates/classification#important
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-76.0.3809.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
i686:
chromium-browser-76.0.3809.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-76.0.3809.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-76.0.3809.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-76.0.3809.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-76.0.3809.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
i686:
chromium-browser-76.0.3809.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-76.0.3809.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-76.0.3809.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
i686:
Read the Full Advisory
An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
1735496 - CVE-2019-5852 chromium-browser: Object leak of utility functions
1737721 - CVE-2019-5850 chromium-browser: Use-after-free in offline page fetcher
1737722 - CVE-2019-5860 chromium-browser: Use-after-free in PDFium
1737723 - CVE-2019-5853 chromium-browser: Memory corruption in regexp length check
1737724 - CVE-2019-5851 chromium-browser: Use-after-poison in offline audio context
1737725 - CVE-2019-5859 chromium-browser: res: URIs can load alternative browsers1737727 - CVE-2019-5856 chromium-browser: Insufficient checks on filesystem: URI permissions
1737729 - CVE-2019-5855 chromium-browser: Integer overflow in PDFium
1737730 - CVE-2019-5865 chromium-browser: Site isolation bypass from compromised renderer
1737731 - CVE-2019-5858 chromium-browser: Insufficient filtering of Open URL service parameters1737732 - CVE-2019-5864 chromium-browser: Insufficient port filtering in CORS for extensions
1737733 - CVE-2019-5862 chromium-browser: AppCache not robust to compromised renderers1737734 - CVE-2019-5861 chromium-browser: Click location incorrectly checked
1737735 - CVE-2019-5857 chromium-browser: Comparison of -0 and null yields crash
1737736 - CVE-2019-5854 chromium-browser: Integer overflow in PDFium text rendering
Get the latest Linux and open source security news straight to your inbox.