Important: chromium-browser security update

Synopsis

Important: chromium-browser security update

Type/Severity

Security Advisory: Important

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 69.0.3497.81.

Security Fix(es):

  • chromium-browser: Out of bounds write in V8 (CVE-2018-16065)
  • chromium-browser: Out of bounds read in Blink (CVE-2018-16066)
  • chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)
  • chromium-browser: Out of bounds write in Mojo (CVE-2018-16068)
  • chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)
  • chromium-browser: Integer overflow in Skia (CVE-2018-16070)
  • chromium-browser: Use after free in WebRTC (CVE-2018-16071)
  • chromium-browser: Site Isolation bypass after tab restore (CVE-2018-16073)
  • chromium-browser: Site Isolation bypass using Blob URLs (CVE-2018-16074)
  • chromium-browser: Local file access in Blink (CVE-2018-16075)
  • chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)
  • chromium-browser: Content security policy bypass in Blink (CVE-2018-16077)
  • chromium-browser: Credit card information leak in Autofill (CVE-2018-16078)
  • chromium-browser: URL spoof in permission dialogs (CVE-2018-16079)
  • chromium-browser: URL spoof in full screen mode (CVE-2018-16080)
  • chromium-browser: Local file access in DevTools (CVE-2018-16081)
  • chromium-browser: Stack buffer overflow in SwiftShader (CVE-2018-16082)
  • chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)
  • chromium-browser: User confirmation bypass in external protocol handling (CVE-2018-16084)
  • chromium-browser: Use after free in Memory Instrumentation (CVE-2018-16085)
  • chromium-browser: Script injection in New Tab Page (CVE-2018-16086)
  • chromium-browser: Multiple download restriction bypass (CVE-2018-16087)
  • chromium-browser: User gesture requirement bypass (CVE-2018-16088)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386

Fixes

  • BZ - 1625466 - CVE-2018-16065 chromium-browser: Out of bounds write in V8
  • BZ - 1625467 - CVE-2018-16066 chromium-browser: Out of bounds read in Blink
  • BZ - 1625469 - CVE-2018-16067 chromium-browser: Out of bounds read in WebAudio
  • BZ - 1625470 - CVE-2018-16068 chromium-browser: Out of bounds write in Mojo
  • BZ - 1625471 - CVE-2018-16069 chromium-browser: Out of bounds read in SwiftShader
  • BZ - 1625472 - CVE-2018-16070 chromium-browser: Integer overflow in Skia
  • BZ - 1625473 - CVE-2018-16071 chromium-browser: Use after free in WebRTC
  • BZ - 1625475 - CVE-2018-16073 chromium-browser: Site Isolation bypass after tab restore
  • BZ - 1625476 - CVE-2018-16074 chromium-browser: Site Isolation bypass using Blob URLs
  • BZ - 1625477 - CVE-2018-16075 chromium-browser: Local file access in Blink
  • BZ - 1625478 - CVE-2018-16076 chromium-browser: Out of bounds read in PDFium
  • BZ - 1625479 - CVE-2018-16077 chromium-browser: Content security policy bypass in Blink
  • BZ - 1625480 - CVE-2018-16078 chromium-browser: Credit card information leak in Autofill
  • BZ - 1625481 - CVE-2018-16079 chromium-browser: URL spoof in permission dialogs
  • BZ - 1625482 - CVE-2018-16080 chromium-browser: URL spoof in full screen mode
  • BZ - 1625484 - CVE-2018-16081 chromium-browser: Local file access in DevTools
  • BZ - 1625485 - CVE-2018-16082 chromium-browser: Stack buffer overflow in SwiftShader
  • BZ - 1625486 - CVE-2018-16083 chromium-browser: Out of bounds read in WebRTC
  • BZ - 1625487 - CVE-2018-16084 chromium-browser: User confirmation bypass in external protocol handling
  • BZ - 1625488 - CVE-2018-16085 chromium-browser: Use after free in Memory Instrumentation
  • BZ - 1626286 - CVE-2018-16088 chromium-browser: User gesture requirement bypass
  • BZ - 1626287 - CVE-2018-16087 chromium-browser: Multiple download restriction bypass
  • BZ - 1626288 - CVE-2018-16086 chromium-browser: Script injection in New Tab Page

CVEs

References