—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2019:3211-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3211
Issue date: 2019-10-29
CVE Names: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872
CVE-2019-5874 CVE-2019-5875 CVE-2019-5876
CVE-2019-5877 CVE-2019-5878 CVE-2019-5879
CVE-2019-5880 CVE-2019-5881 CVE-2019-13659
CVE-2019-13660 CVE-2019-13661 CVE-2019-13662
CVE-2019-13663 CVE-2019-13664 CVE-2019-13665
CVE-2019-13666 CVE-2019-13667 CVE-2019-13668
CVE-2019-13669 CVE-2019-13670 CVE-2019-13671
CVE-2019-13673 CVE-2019-13674 CVE-2019-13675
CVE-2019-13676 CVE-2019-13677 CVE-2019-13678
CVE-2019-13679 CVE-2019-13680 CVE-2019-13681
CVE-2019-13682 CVE-2019-13686 CVE-2019-13688
CVE-2019-13691 CVE-2019-13692 CVE-2019-13693
CVE-2019-13694 CVE-2019-13695 CVE-2019-13696
CVE-2019-13697
=====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) – i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) – i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) – i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) – i386, i686, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
* chromium-browser: Use-after-free in media (CVE-2019-5870)
* chromium-browser: Heap overflow in Skia (CVE-2019-5871)
* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
* chromium-browser: External URIs may trigger other browsers
(CVE-2019-5874)
* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
* chromium-browser: Use-after-free in media (CVE-2019-5876)
* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
* chromium-browser: Use-after-free in V8 (CVE-2019-5878)
* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
* chromium-browser: Use-after-free in media (CVE-2019-13688)
* chromium-browser: Omnibox spoof (CVE-2019-13691)
* chromium-browser: SOP bypass (CVE-2019-13692)
* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
* chromium-browser: Use-after-free in audio (CVE-2019-13695)
* chromium-browser: Use-after-free in V8 (CVE-2019-13696)
* chromium-browser: Cross-origin size leak (CVE-2019-13697)
* chromium-browser: Extensions can read some local files (CVE-2019-5879)
* chromium-browser: SameSite cookie bypass (CVE-2019-5880)
* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
* chromium-browser: URL spoof (CVE-2019-13659)
* chromium-browser: Full screen notification overlap (CVE-2019-13660)
* chromium-browser: Full screen notification spoof (CVE-2019-13661)
* chromium-browser: CSP bypass (CVE-2019-13662)
* chromium-browser: IDN spoof (CVE-2019-13663)
* chromium-browser: CSRF bypass (CVE-2019-13664)
* chromium-browser: Multiple file download protection bypass
(CVE-2019-13665)
* chromium-browser: Side channel using storage size estimate
(CVE-2019-13666)
* chromium-browser: URI bar spoof when using external app URIs
(CVE-2019-13667)
* chromium-browser: Global window leak via console (CVE-2019-13668)
* chromium-browser: HTTP authentication spoof (CVE-2019-13669)
* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
* chromium-browser: Cross-origin information leak using devtools
(CVE-2019-13673)
* chromium-browser: IDN spoofing (CVE-2019-13674)
* chromium-browser: Extensions can be disabled by trailing slash
(CVE-2019-13675)
* chromium-browser: Google URI shown for certificate warning
(CVE-2019-13676)
* chromium-browser: Chrome web store origin needs to be isolated
(CVE-2019-13677)
* chromium-browser: Download dialog spoofing (CVE-2019-13678)
* chromium-browser: User gesture needed for printing (CVE-2019-13679)
* chromium-browser: IP address spoofing to servers (CVE-2019-13680)
* chromium-browser: Bypass on download restrictions (CVE-2019-13681)
* chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1762366 – CVE-2019-5870 chromium-browser: Use-after-free in media
1762367 – CVE-2019-5871 chromium-browser: Heap overflow in Skia
1762368 – CVE-2019-5872 chromium-browser: Use-after-free in Mojo
1762370 – CVE-2019-5874 chromium-browser: External URIs may trigger other browsers
1762371 – CVE-2019-5875 chromium-browser: URL bar spoof via download redirect
1762372 – CVE-2019-13691 chromium-browser: Omnibox spoof
1762373 – CVE-2019-13692 chromium-browser: SOP bypass
1762374 – CVE-2019-5876 chromium-browser: Use-after-free in media
1762375 – CVE-2019-5877 chromium-browser: Out-of-bounds access in V8
1762376 – CVE-2019-5878 chromium-browser: Use-after-free in V8
1762377 – CVE-2019-5879 chromium-browser: Extensions can read some local files
1762378 – CVE-2019-5880 chromium-browser: SameSite cookie bypass
1762379 – CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader
1762380 – CVE-2019-13659 chromium-browser: URL spoof
1762381 – CVE-2019-13660 chromium-browser: Full screen notification overlap
1762382 – CVE-2019-13661 chromium-browser: Full screen notification spoof
1762383 – CVE-2019-13662 chromium-browser: CSP bypass
1762384 – CVE-2019-13663 chromium-browser: IDN spoof
1762385 – CVE-2019-13664 chromium-browser: CSRF bypass
1762386 – CVE-2019-13665 chromium-browser: Multiple file download protection bypass
1762387 – CVE-2019-13666 chromium-browser: Side channel using storage size estimate
1762388 – CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs
1762389 – CVE-2019-13668 chromium-browser: Global window leak via console
1762390 – CVE-2019-13669 chromium-browser: HTTP authentication spoof
1762391 – CVE-2019-13670 chromium-browser: V8 memory corruption in regex
1762392 – CVE-2019-13671 chromium-browser: Dialog box fails to show origin
1762393 – CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools
1762394 – CVE-2019-13674 chromium-browser: IDN spoofing
1762395 – CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash
1762396 – CVE-2019-13676 chromium-browser: Google URI shown for certificate warning
1762397 – CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated
1762398 – CVE-2019-13678 chromium-browser: Download dialog spoofing
1762399 – CVE-2019-13679 chromium-browser: User gesture needed for printing
1762400 – CVE-2019-13680 chromium-browser: IP address spoofing to servers
1762401 – CVE-2019-13681 chromium-browser: Bypass on download restrictions
1762402 – CVE-2019-13682 chromium-browser: Site isolation bypass
1762474 – CVE-2019-13688 chromium-browser: Use-after-free in media
1762476 – CVE-2019-13686 chromium-browser: Use-after-free in offline pages
1762518 – CVE-2019-13693 chromium-browser: Use-after-free in IndexedDB
1762519 – CVE-2019-13694 chromium-browser: Use-after-free in WebRTC
1762520 – CVE-2019-13695 chromium-browser: Use-after-free in audio
1762521 – CVE-2019-13696 chromium-browser: Use-after-free in V8
1762522 – CVE-2019-13697 chromium-browser: Cross-origin size leak
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm
x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-5870
https://access.redhat.com/security/cve/CVE-2019-5871
https://access.redhat.com/security/cve/CVE-2019-5872
https://access.redhat.com/security/cve/CVE-2019-5874
https://access.redhat.com/security/cve/CVE-2019-5875
https://access.redhat.com/security/cve/CVE-2019-5876
https://access.redhat.com/security/cve/CVE-2019-5877
https://access.redhat.com/security/cve/CVE-2019-5878
https://access.redhat.com/security/cve/CVE-2019-5879
https://access.redhat.com/security/cve/CVE-2019-5880
https://access.redhat.com/security/cve/CVE-2019-5881
https://access.redhat.com/security/cve/CVE-2019-13659
https://access.redhat.com/security/cve/CVE-2019-13660
https://access.redhat.com/security/cve/CVE-2019-13661
https://access.redhat.com/security/cve/CVE-2019-13662
https://access.redhat.com/security/cve/CVE-2019-13663
https://access.redhat.com/security/cve/CVE-2019-13664
https://access.redhat.com/security/cve/CVE-2019-13665
https://access.redhat.com/security/cve/CVE-2019-13666
https://access.redhat.com/security/cve/CVE-2019-13667
https://access.redhat.com/security/cve/CVE-2019-13668
https://access.redhat.com/security/cve/CVE-2019-13669
https://access.redhat.com/security/cve/CVE-2019-13670
https://access.redhat.com/security/cve/CVE-2019-13671
https://access.redhat.com/security/cve/CVE-2019-13673
https://access.redhat.com/security/cve/CVE-2019-13674
https://access.redhat.com/security/cve/CVE-2019-13675
https://access.redhat.com/security/cve/CVE-2019-13676
https://access.redhat.com/security/cve/CVE-2019-13677
https://access.redhat.com/security/cve/CVE-2019-13678
https://access.redhat.com/security/cve/CVE-2019-13679
https://access.redhat.com/security/cve/CVE-2019-13680
https://access.redhat.com/security/cve/CVE-2019-13681
https://access.redhat.com/security/cve/CVE-2019-13682
https://access.redhat.com/security/cve/CVE-2019-13686
https://access.redhat.com/security/cve/CVE-2019-13688
https://access.redhat.com/security/cve/CVE-2019-13691
https://access.redhat.com/security/cve/CVE-2019-13692
https://access.redhat.com/security/cve/CVE-2019-13693
https://access.redhat.com/security/cve/CVE-2019-13694
https://access.redhat.com/security/cve/CVE-2019-13695
https://access.redhat.com/security/cve/CVE-2019-13696
https://access.redhat.com/security/cve/CVE-2019-13697
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXbgGY9zjgjWX9erEAQj5wRAAm+j/C5YBPVUg7udi96drwCfuSa6gmk9L
NtbMW6kPN9zgCKb/hvB/jIzbn7OKUKUOvNc0oChsn2ZBUYoD807RWOs/yhAMw7qV
p/9uNGAgSmX77rcvWF0IGSG5xcwoVpPcN18ZFRtz6c3QrRo24wSOygDZVuXFjZ2Y
fBcwqtVDiwhCj2m64q9DXXdS0+Xf7h79xZYoBZHboHS5l/XupFL/E7VLp92uW/uX
mxgaLFi+BWau1aMXxxyzDn/yWD19ImAZ+i3e8tsDVyMJqZspkIlb6Gvskp7vLyqw
TtSxWUnopoR3LE5oEeBhnQoV6Pzuu5FFq+iQ/ZxM4vcKelUtNi/A6x/EQYsqRZ7v
p002vFgQweppzKdZqybAzRLuPeWWuoCDqOoCWJHGtce2CHi+MIX0P9PYkBZHmdI8
AI2L4CvH5xLwrZvQfNR/JwEr2TiC6WNkV96vGJcS10V7qPezRJWBTS6W/R26D9Wo
IkjP6XWxBUti9wUZ5Ij4ozb/RPaRuAGjYl3Y56M2X0vcCqaRb76/3J3BsJi9xhe0
InutsymfIQRhRoHNQWApvhNqu0pvPjpoArtssjvanKP1U92+jEp5SO3VoRHKm3Bk
231kkQHF2G5wfIQoyaivZO6dWW0eelJyHKennFIG9kbTYdtq1DkqxwJElRqLEmEP
eDhYjjUM1yo=
=/Xwd
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce