RedHat: RHSA-2020-3723:01 Important: chromium-browser security update
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 85.0.4183.83.
Security Fix(es):
* chromium-browser: Use after free in presentation API (CVE-2020-6559)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6571)
* chromium-browser: Insufficient policy enforcement in autofill
(CVE-2020-6560)
* chromium-browser: Inappropriate implementation in Content Security Policy
(CVE-2020-6561)
* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6562)
* chromium-browser: Insufficient policy enforcement in intent handling
(CVE-2020-6563)
* chromium-browser: Incorrect security UI in permissions (CVE-2020-6564)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6565)
* chromium-browser: Insufficient policy enforcement in media
(CVE-2020-6566)
* chromium-browser: Insufficient validation of untrusted input in command
line handling (CVE-2020-6567)
* chromium-browser: Insufficient policy enforcement in intent handling
(CVE-2020-6568)
* chromium-browser: Integer overflow in WebUSB (CVE-2020-6569)
* chromium-browser: Side-channel information leakage in WebRTC
(CVE-2020-6570)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
References
https://access.redhat.com/security/cve/CVE-2020-6559 https://access.redhat.com/security/cve/CVE-2020-6560 https://access.redhat.com/security/cve/CVE-2020-6561 https://access.redhat.com/security/cve/CVE-2020-6562 https://access.redhat.com/security/cve/CVE-2020-6563 https://access.redhat.com/security/cve/CVE-2020-6564 https://access.redhat.com/security/cve/CVE-2020-6565 https://access.redhat.com/security/cve/CVE-2020-6566 https://access.redhat.com/security/cve/CVE-2020-6567 https://access.redhat.com/security/cve/CVE-2020-6568 https://access.redhat.com/security/cve/CVE-2020-6569 https://access.redhat.com/security/cve/CVE-2020-6570 https://access.redhat.com/security/cve/CVE-2020-6571 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
i686:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64:
chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64:
chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
i686:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64:
chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
i686:
chromium-browser-85.0.4183.83-1.el6_10.i686.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64:
chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
Bugs Fixed
1872945 - CVE-2020-6559 chromium-browser: Use after free in presentation API
1872946 - CVE-2020-6560 chromium-browser: Insufficient policy enforcement in autofill
1872947 - CVE-2020-6561 chromium-browser: Inappropriate implementation in Content Security Policy
1872948 - CVE-2020-6562 chromium-browser: Insufficient policy enforcement in Blink
1872949 - CVE-2020-6563 chromium-browser: Insufficient policy enforcement in intent handling
1872950 - CVE-2020-6564 chromium-browser: Incorrect security UI in permissions
1872951 - CVE-2020-6565 chromium-browser: Incorrect security UI in Omnibox
1872952 - CVE-2020-6566 chromium-browser: Insufficient policy enforcement in media
1872953 - CVE-2020-6567 chromium-browser: Insufficient validation of untrusted input in command line handling
1872955 - CVE-2020-6568 chromium-browser: Insufficient policy enforcement in intent handling
1872956 - CVE-2020-6569 chromium-browser: Integer overflow in WebUSB
1872957 - CVE-2020-6570 chromium-browser: Side-channel information leakage in WebRTC
1872958 - CVE-2020-6571 chromium-browser: Incorrect security UI in Omnibox