For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 83.0.4103.97.
Security Fix(es):
* chromium-browser: Use after free in reader mode (CVE-2020-6465)
* chromium-browser: Use after free in media (CVE-2020-6466)
* chromium-browser: Use after free in WebRTC (CVE-2020-6467)
* chromium-browser: Type Confusion in V8 (CVE-2020-6468)
* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6469)
* chromium-browser: Use after free in WebAuthentication (CVE-2020-6493)
* chromium-browser: Incorrect security UI in payments (CVE-2020-6494)
* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6495)
* chromium-browser: Use after free in payments (CVE-2020-6496)
* chromium-browser: Insufficient validation of untrusted input in clipboard
(CVE-2020-6470)
* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6471)
* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6472)
* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6473)
* chromium-browser: Use after free in Blink (CVE-2020-6474)
* chromium-browser: Incorrect security UI in full screen (CVE-2020-6475)
* chromium-browser: Insufficient policy enforcement in tab strip
(CVE-2020-6476)
* chromium-browser: Inappropriate implementation in full screen
(CVE-2020-6478)
* chromium-browser: Inappropriate implementation in sharing (CVE-2020-6479)
* chromium-browser: Insufficient policy enforcement in enterprise
(CVE-2020-6480)
* chromium-browser: Insufficient policy enforcement in URL formatting
(CVE-2020-6481)
* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6482)
* chromium-browser: Insufficient policy enforcement in payments
(CVE-2020-6483)
* chromium-browser: Insufficient data validation in ChromeDriver
(CVE-2020-6484)
* chromium-browser: Insufficient data validation in media router
(CVE-2020-6485)
* chromium-browser: Insufficient policy enforcement in navigations
(CVE-2020-6486)
* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6487)
* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6488)
* chromium-browser: Inappropriate implementation in developer tools
(CVE-2020-6489)
* chromium-browser: Insufficient data validation in loader (CVE-2020-6490)
* chromium-browser: Incorrect security UI in site information
(CVE-2020-6491)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2020-6465
https://access.redhat.com/security/cve/CVE-2020-6466
https://access.redhat.com/security/cve/CVE-2020-6467
https://access.redhat.com/security/cve/CVE-2020-6468
https://access.redhat.com/security/cve/CVE-2020-6469
https://access.redhat.com/security/cve/CVE-2020-6470
https://access.redhat.com/security/cve/CVE-2020-6471
https://access.redhat.com/security/cve/CVE-2020-6472
https://access.redhat.com/security/cve/CVE-2020-6473
https://access.redhat.com/security/cve/CVE-2020-6474
https://access.redhat.com/security/cve/CVE-2020-6475
https://access.redhat.com/security/cve/CVE-2020-6476
https://access.redhat.com/security/cve/CVE-2020-6478
https://access.redhat.com/security/cve/CVE-2020-6479
https://access.redhat.com/security/cve/CVE-2020-6480
https://access.redhat.com/security/cve/CVE-2020-6481
https://access.redhat.com/security/cve/CVE-2020-6482
https://access.redhat.com/security/cve/CVE-2020-6483
https://access.redhat.com/security/cve/CVE-2020-6484
https://access.redhat.com/security/cve/CVE-2020-6485
https://access.redhat.com/security/cve/CVE-2020-6486
https://access.redhat.com/security/cve/CVE-2020-6487
https://access.redhat.com/security/cve/CVE-2020-6488
https://access.redhat.com/security/cve/CVE-2020-6489
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm
i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm
x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm
x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm
i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm
x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm
i686:
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
1837877 - CVE-2020-6465 chromium-browser: Use after free in reader mode
1837878 - CVE-2020-6466 chromium-browser: Use after free in media
1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
1837882 - CVE-2020-6470 chromium-browser: Insufficient validation of untrusted input in clipboard
1837883 - CVE-2020-6471 chromium-browser: Insufficient policy enforcement in developer tools
1837884 - CVE-2020-6472 chromium-browser: Insufficient policy enforcement in developer tools
1837885 - CVE-2020-6473 chromium-browser: Insufficient policy enforcement in Blink
1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI in full screen
1837889 - CVE-2020-6478 chromium-browser: Inappropriate implementation in full screen
1837890 - CVE-2020-6480 chromium-browser: Insufficient policy enforcement in enterprise
1837891 - CVE-2020-6481 chromium-browser: Insufficient policy enforcement in URL formatting
1837892 - CVE-2020-6482 chromium-browser: Insufficient policy enforcement in developer tools
1837893 - CVE-2020-6483 chromium-browser: Insufficient policy enforcement in payments
1837894 - CVE-2020-6484 chromium-browser: Insufficient data validation in ChromeDriver
1837896 - CVE-2020-6485 chromium-browser: Insufficient data validation in media router