Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat Enterprise Linux RHSA-2020-1487 Critical Chromium Browser Patch

red hat
Calendar Grey April 16, 2020
Dist Redhat Esm H88
A critical patch for the chromium-browser on CentOS has been released, tackling several flaws and security threats.

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 81.0.4044.92.
Security Fix(es):
* chromium-browser: Use after free in audio (CVE-2020-6423)
* chromium-browser: Use after free in extensions (CVE-2020-6454)
* chromium-browser: Out of bounds read in WebSQL (CVE-2020-6455)
* chromium-browser: Type Confusion in V8 (CVE-2020-6430)
* chromium-browser: Insufficient policy enforcement in full screen (CVE-2020-6431)
* chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6432)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6433)
* chromium-browser: Use after free in devtools (CVE-2020-6434)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6435)
* chromium-browser: Use after free in window management (CVE-2020-6436)
* chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6456)
* chromium-browser: Inappropriate implementation in WebView (CVE-2020-6437)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6438)
* chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6439)
* chromium-browser: Inappropriate implementation in extensions (CVE-2020-6440)
* chromium-browser: Insufficient policy enforcement in omnibox (CVE-2020-6441)
* chromium-browser: Inappropriate implementation in cache (CVE-2020-6442)
* chromium-browser: Insufficient data validation in developer tools (CVE-2020-6443)
* chromium-browser: Uninitialized use in WebRTC (CVE-2020-6444)
* chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6445)
* chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6446)
* chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6447)
* chromium-browser: Use after free in V8 (CVE-2020-6448)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory update red hat important security chromium linux browser

References

https://access.redhat.com/security/cve/CVE-2020-6423 https://access.redhat.com/security/cve/CVE-2020-6430 https://access.redhat.com/security/cve/CVE-2020-6431 https://access.redhat.com/security/cve/CVE-2020-6432 https://access.redhat.com/security/cve/CVE-2020-6433 https://access.redhat.com/security/cve/CVE-2020-6434 https://access.redhat.com/security/cve/CVE-2020-6435 https://access.redhat.com/security/cve/CVE-2020-6436 https://access.redhat.com/security/cve/CVE-2020-6437 https://access.redhat.com/security/cve/CVE-2020-6438 https://access.redhat.com/security/cve/CVE-2020-6439 https://access.redhat.com/security/cve/CVE-2020-6440 https://access.redhat.com/security/cve/CVE-2020-6441 https://access.redhat.com/security/cve/CVE-2020-6442 https://access.redhat.com/security/cve/CVE-2020-6443 https://access.redhat.com/security/cve/CVE-2020-6444 https://access.redhat.com/security/cve/CVE-2020-6445 https://access.redhat.com/security/cve/CVE-2020-6446 https://access.redhat.com/security/cve/CVE-2020-6447 https://access.redhat.com/security/cve/CVE-2020-6448 https://access.redhat.com/security/cve/CVE-2020-6454 https://access.redhat.com/security/cve/CVE-2020-6455 https://access.redhat.com/security/cve/CVE-2020-6456 Read the Full Advisory

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-81.0.4044.92-2.el6_10.i686.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
i686: chromium-browser-81.0.4044.92-2.el6_10.i686.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
x86_64: chromium-browser-81.0.4044.92-2.el6_10.x86_64.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-81.0.4044.92-2.el6_10.i686.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
x86_64: chromium-browser-81.0.4044.92-2.el6_10.x86_64.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-81.0.4044.92-2.el6_10.i686.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
i686: chromium-browser-81.0.4044.92-2.el6_10.i686.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
x86_64: chromium-browser-81.0.4044.92-2.el6_10.x86_64.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-81.0.4044.92-2.el6_10.i686.rpm chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm


Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:1487-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1487
Issue date: 2020-04-16

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory update red hat important security chromium linux browser

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

Bugs Fixed

1822604 - CVE-2020-6454 chromium-browser: Use after free in extensions

1822605 - CVE-2020-6423 chromium-browser: Use after free in audio

1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in WebSQL

1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8

1822608 - CVE-2020-6456 chromium-browser: Insufficient validation of untrusted input in clipboard

1822609 - CVE-2020-6431 chromium-browser: Insufficient policy enforcement in full screen

1822610 - CVE-2020-6433 chromium-browser: Insufficient policy enforcement in extensions

1822611 - CVE-2020-6434 chromium-browser: Use after free in devtools

1822612 - CVE-2020-6435 chromium-browser: Insufficient policy enforcement in extensions

1822613 - CVE-2020-6436 chromium-browser: Use after free in window management

1822614 - CVE-2020-6437 chromium-browser: Inappropriate implementation in WebView

1822615 - CVE-2020-6438 chromium-browser: Insufficient policy enforcement in extensions

1822616 - CVE-2020-6439 chromium-browser: Insufficient policy enforcement in navigations

1822617 - CVE-2020-6440 chromium-browser: Inappropriate implementation in extensions

1822618 - CVE-2020-6441 chromium-browser: Insufficient policy enforcement in omnibox

1822619 - CVE-2020-6442 chromium-browser: Inappropriate implementation in cache

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here