-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2019:3211-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3211
Issue date:        2019-10-29
CVE Names:         CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 
                   CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 
                   CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 
                   CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 
                   CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 
                   CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 
                   CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 
                   CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 
                   CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 
                   CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 
                   CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 
                   CVE-2019-13682 CVE-2019-13686 CVE-2019-13688 
                   CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 
                   CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 
                   CVE-2019-13697 
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 77.0.3865.120.

Security Fix(es):

* chromium-browser: Use-after-free in media (CVE-2019-5870)

* chromium-browser: Heap overflow in Skia (CVE-2019-5871)

* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)

* chromium-browser: External URIs may trigger other browsers
(CVE-2019-5874)

* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)

* chromium-browser: Use-after-free in media (CVE-2019-5876)

* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)

* chromium-browser: Use-after-free in V8 (CVE-2019-5878)

* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)

* chromium-browser: Use-after-free in media (CVE-2019-13688)

* chromium-browser: Omnibox spoof (CVE-2019-13691)

* chromium-browser: SOP bypass (CVE-2019-13692)

* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)

* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)

* chromium-browser: Use-after-free in audio (CVE-2019-13695)

* chromium-browser: Use-after-free in V8 (CVE-2019-13696)

* chromium-browser: Cross-origin size leak (CVE-2019-13697)

* chromium-browser: Extensions can read some local files (CVE-2019-5879)

* chromium-browser: SameSite cookie bypass (CVE-2019-5880)

* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)

* chromium-browser: URL spoof (CVE-2019-13659)

* chromium-browser: Full screen notification overlap (CVE-2019-13660)

* chromium-browser: Full screen notification spoof (CVE-2019-13661)

* chromium-browser: CSP bypass (CVE-2019-13662)

* chromium-browser: IDN spoof (CVE-2019-13663)

* chromium-browser: CSRF bypass (CVE-2019-13664)

* chromium-browser: Multiple file download protection bypass
(CVE-2019-13665)

* chromium-browser: Side channel using storage size estimate
(CVE-2019-13666)

* chromium-browser: URI bar spoof when using external app URIs
(CVE-2019-13667)

* chromium-browser: Global window leak via console (CVE-2019-13668)

* chromium-browser: HTTP authentication spoof (CVE-2019-13669)

* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)

* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)

* chromium-browser: Cross-origin information leak using devtools
(CVE-2019-13673)

* chromium-browser: IDN spoofing (CVE-2019-13674)

* chromium-browser: Extensions can be disabled by trailing slash
(CVE-2019-13675)

* chromium-browser: Google URI shown for certificate warning
(CVE-2019-13676)

* chromium-browser: Chrome web store origin needs to be isolated
(CVE-2019-13677)

* chromium-browser: Download dialog spoofing (CVE-2019-13678)

* chromium-browser: User gesture needed for printing (CVE-2019-13679)

* chromium-browser: IP address spoofing to servers (CVE-2019-13680)

* chromium-browser: Bypass on download restrictions (CVE-2019-13681)

* chromium-browser: Site isolation bypass (CVE-2019-13682)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media
1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia
1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo
1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers
1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect
1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof
1762373 - CVE-2019-13692 chromium-browser: SOP bypass
1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media
1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8
1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8
1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files
1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass
1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader
1762380 - CVE-2019-13659 chromium-browser: URL spoof
1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap
1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof
1762383 - CVE-2019-13662 chromium-browser: CSP bypass
1762384 - CVE-2019-13663 chromium-browser: IDN spoof
1762385 - CVE-2019-13664 chromium-browser: CSRF bypass
1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass
1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate
1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs
1762389 - CVE-2019-13668 chromium-browser: Global window leak via console
1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof
1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex
1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin
1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools
1762394 - CVE-2019-13674 chromium-browser: IDN spoofing
1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash
1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning
1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated
1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing
1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing
1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers
1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions
1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass
1762474 - CVE-2019-13688 chromium-browser: Use-after-free in media
1762476 - CVE-2019-13686 chromium-browser: Use-after-free in offline pages
1762518 - CVE-2019-13693 chromium-browser: Use-after-free in IndexedDB
1762519 - CVE-2019-13694 chromium-browser: Use-after-free in WebRTC
1762520 - CVE-2019-13695 chromium-browser: Use-after-free in audio
1762521 - CVE-2019-13696 chromium-browser: Use-after-free in V8
1762522 - CVE-2019-13697 chromium-browser: Cross-origin size leak

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5870
https://access.redhat.com/security/cve/CVE-2019-5871
https://access.redhat.com/security/cve/CVE-2019-5872
https://access.redhat.com/security/cve/CVE-2019-5874
https://access.redhat.com/security/cve/CVE-2019-5875
https://access.redhat.com/security/cve/CVE-2019-5876
https://access.redhat.com/security/cve/CVE-2019-5877
https://access.redhat.com/security/cve/CVE-2019-5878
https://access.redhat.com/security/cve/CVE-2019-5879
https://access.redhat.com/security/cve/CVE-2019-5880
https://access.redhat.com/security/cve/CVE-2019-5881
https://access.redhat.com/security/cve/CVE-2019-13659
https://access.redhat.com/security/cve/CVE-2019-13660
https://access.redhat.com/security/cve/CVE-2019-13661
https://access.redhat.com/security/cve/CVE-2019-13662
https://access.redhat.com/security/cve/CVE-2019-13663
https://access.redhat.com/security/cve/CVE-2019-13664
https://access.redhat.com/security/cve/CVE-2019-13665
https://access.redhat.com/security/cve/CVE-2019-13666
https://access.redhat.com/security/cve/CVE-2019-13667
https://access.redhat.com/security/cve/CVE-2019-13668
https://access.redhat.com/security/cve/CVE-2019-13669
https://access.redhat.com/security/cve/CVE-2019-13670
https://access.redhat.com/security/cve/CVE-2019-13671
https://access.redhat.com/security/cve/CVE-2019-13673
https://access.redhat.com/security/cve/CVE-2019-13674
https://access.redhat.com/security/cve/CVE-2019-13675
https://access.redhat.com/security/cve/CVE-2019-13676
https://access.redhat.com/security/cve/CVE-2019-13677
https://access.redhat.com/security/cve/CVE-2019-13678
https://access.redhat.com/security/cve/CVE-2019-13679
https://access.redhat.com/security/cve/CVE-2019-13680
https://access.redhat.com/security/cve/CVE-2019-13681
https://access.redhat.com/security/cve/CVE-2019-13682
https://access.redhat.com/security/cve/CVE-2019-13686
https://access.redhat.com/security/cve/CVE-2019-13688
https://access.redhat.com/security/cve/CVE-2019-13691
https://access.redhat.com/security/cve/CVE-2019-13692
https://access.redhat.com/security/cve/CVE-2019-13693
https://access.redhat.com/security/cve/CVE-2019-13694
https://access.redhat.com/security/cve/CVE-2019-13695
https://access.redhat.com/security/cve/CVE-2019-13696
https://access.redhat.com/security/cve/CVE-2019-13697
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----Version: GnuPG v1

iQIVAwUBXbgGY9zjgjWX9erEAQj5wRAAm+j/C5YBPVUg7udi96drwCfuSa6gmk9L
NtbMW6kPN9zgCKb/hvB/jIzbn7OKUKUOvNc0oChsn2ZBUYoD807RWOs/yhAMw7qV
p/9uNGAgSmX77rcvWF0IGSG5xcwoVpPcN18ZFRtz6c3QrRo24wSOygDZVuXFjZ2Y
fBcwqtVDiwhCj2m64q9DXXdS0+Xf7h79xZYoBZHboHS5l/XupFL/E7VLp92uW/uX
mxgaLFi+BWau1aMXxxyzDn/yWD19ImAZ+i3e8tsDVyMJqZspkIlb6Gvskp7vLyqw
TtSxWUnopoR3LE5oEeBhnQoV6Pzuu5FFq+iQ/ZxM4vcKelUtNi/A6x/EQYsqRZ7v
p002vFgQweppzKdZqybAzRLuPeWWuoCDqOoCWJHGtce2CHi+MIX0P9PYkBZHmdI8
AI2L4CvH5xLwrZvQfNR/JwEr2TiC6WNkV96vGJcS10V7qPezRJWBTS6W/R26D9Wo
IkjP6XWxBUti9wUZ5Ij4ozb/RPaRuAGjYl3Y56M2X0vcCqaRb76/3J3BsJi9xhe0
InutsymfIQRhRoHNQWApvhNqu0pvPjpoArtssjvanKP1U92+jEp5SO3VoRHKm3Bk
231kkQHF2G5wfIQoyaivZO6dWW0eelJyHKennFIG9kbTYdtq1DkqxwJElRqLEmEP
eDhYjjUM1yo=/Xwd
-----END PGP SIGNATURE-------RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2019-3211:01 Critical: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Criti...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
* chromium-browser: Use-after-free in media (CVE-2019-5870)
* chromium-browser: Heap overflow in Skia (CVE-2019-5871)
* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)
* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
* chromium-browser: Use-after-free in media (CVE-2019-5876)
* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
* chromium-browser: Use-after-free in V8 (CVE-2019-5878)
* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
* chromium-browser: Use-after-free in media (CVE-2019-13688)
* chromium-browser: Omnibox spoof (CVE-2019-13691)
* chromium-browser: SOP bypass (CVE-2019-13692)
* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
* chromium-browser: Use-after-free in audio (CVE-2019-13695)
* chromium-browser: Use-after-free in V8 (CVE-2019-13696)
* chromium-browser: Cross-origin size leak (CVE-2019-13697)
* chromium-browser: Extensions can read some local files (CVE-2019-5879)
* chromium-browser: SameSite cookie bypass (CVE-2019-5880)
* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
* chromium-browser: URL spoof (CVE-2019-13659)
* chromium-browser: Full screen notification overlap (CVE-2019-13660)
* chromium-browser: Full screen notification spoof (CVE-2019-13661)
* chromium-browser: CSP bypass (CVE-2019-13662)
* chromium-browser: IDN spoof (CVE-2019-13663)
* chromium-browser: CSRF bypass (CVE-2019-13664)
* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)
* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)
* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)
* chromium-browser: Global window leak via console (CVE-2019-13668)
* chromium-browser: HTTP authentication spoof (CVE-2019-13669)
* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)
* chromium-browser: IDN spoofing (CVE-2019-13674)
* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)
* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)
* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)
* chromium-browser: Download dialog spoofing (CVE-2019-13678)
* chromium-browser: User gesture needed for printing (CVE-2019-13679)
* chromium-browser: IP address spoofing to servers (CVE-2019-13680)
* chromium-browser: Bypass on download restrictions (CVE-2019-13681)
* chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.

References

https://access.redhat.com/security/cve/CVE-2019-5870 https://access.redhat.com/security/cve/CVE-2019-5871 https://access.redhat.com/security/cve/CVE-2019-5872 https://access.redhat.com/security/cve/CVE-2019-5874 https://access.redhat.com/security/cve/CVE-2019-5875 https://access.redhat.com/security/cve/CVE-2019-5876 https://access.redhat.com/security/cve/CVE-2019-5877 https://access.redhat.com/security/cve/CVE-2019-5878 https://access.redhat.com/security/cve/CVE-2019-5879 https://access.redhat.com/security/cve/CVE-2019-5880 https://access.redhat.com/security/cve/CVE-2019-5881 https://access.redhat.com/security/cve/CVE-2019-13659 https://access.redhat.com/security/cve/CVE-2019-13660 https://access.redhat.com/security/cve/CVE-2019-13661 https://access.redhat.com/security/cve/CVE-2019-13662 https://access.redhat.com/security/cve/CVE-2019-13663 https://access.redhat.com/security/cve/CVE-2019-13664 https://access.redhat.com/security/cve/CVE-2019-13665 https://access.redhat.com/security/cve/CVE-2019-13666 https://access.redhat.com/security/cve/CVE-2019-13667 https://access.redhat.com/security/cve/CVE-2019-13668 https://access.redhat.com/security/cve/CVE-2019-13669 https://access.redhat.com/security/cve/CVE-2019-13670 https://access.redhat.com/security/cve/CVE-2019-13671 https://access.redhat.com/security/cve/CVE-2019-13673 https://access.redhat.com/security/cve/CVE-2019-13674 https://access.redhat.com/security/cve/CVE-2019-13675 https://access.redhat.com/security/cve/CVE-2019-13676 https://access.redhat.com/security/cve/CVE-2019-13677 https://access.redhat.com/security/cve/CVE-2019-13678 https://access.redhat.com/security/cve/CVE-2019-13679 https://access.redhat.com/security/cve/CVE-2019-13680 https://access.redhat.com/security/cve/CVE-2019-13681 https://access.redhat.com/security/cve/CVE-2019-13682 https://access.redhat.com/security/cve/CVE-2019-13686 https://access.redhat.com/security/cve/CVE-2019-13688 https://access.redhat.com/security/cve/CVE-2019-13691 https://access.redhat.com/security/cve/CVE-2019-13692 https://access.redhat.com/security/cve/CVE-2019-13693 https://access.redhat.com/security/cve/CVE-2019-13694 https://access.redhat.com/security/cve/CVE-2019-13695 https://access.redhat.com/security/cve/CVE-2019-13696 https://access.redhat.com/security/cve/CVE-2019-13697 https://access.redhat.com/security/updates/classification/#critical

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2019:3211-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3211
Issued Date: : 2019-10-29
CVE Names: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13686 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64


Bugs Fixed

1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media

1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia

1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo

1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers

1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect

1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof

1762373 - CVE-2019-13692 chromium-browser: SOP bypass

1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media

1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8

1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8

1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files

1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass

1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader

1762380 - CVE-2019-13659 chromium-browser: URL spoof

1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap

1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof

1762383 - CVE-2019-13662 chromium-browser: CSP bypass

1762384 - CVE-2019-13663 chromium-browser: IDN spoof

1762385 - CVE-2019-13664 chromium-browser: CSRF bypass

1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass

1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate

1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs

1762389 - CVE-2019-13668 chromium-browser: Global window leak via console

1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof

1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex

1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin

1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools

1762394 - CVE-2019-13674 chromium-browser: IDN spoofing

1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash

1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning

1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated

1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing

1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing

1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers

1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions

1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass

1762474 - CVE-2019-13688 chromium-browser: Use-after-free in media

1762476 - CVE-2019-13686 chromium-browser: Use-after-free in offline pages

1762518 - CVE-2019-13693 chromium-browser: Use-after-free in IndexedDB

1762519 - CVE-2019-13694 chromium-browser: Use-after-free in WebRTC

1762520 - CVE-2019-13695 chromium-browser: Use-after-free in audio

1762521 - CVE-2019-13696 chromium-browser: Use-after-free in V8

1762522 - CVE-2019-13697 chromium-browser: Cross-origin size leak


Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved