Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: chromium-browser security update

Related Vulnerabilities: CVE-2019-13699   CVE-2019-13700   CVE-2019-13701   CVE-2019-13702   CVE-2019-13703   CVE-2019-13704   CVE-2019-13705   CVE-2019-13706   CVE-2019-13707   CVE-2019-13708   CVE-2019-13709   CVE-2019-13710   CVE-2019-13711   CVE-2019-13713   CVE-2019-13714   CVE-2019-13715   CVE-2019-13716   CVE-2019-13717   CVE-2019-13718   CVE-2019-13719   CVE-2019-13699   CVE-2019-13700   CVE-2019-13701   CVE-2019-13702   CVE-2019-13703   CVE-2019-13704   CVE-2019-13705   CVE-2019-13706   CVE-2019-13707   CVE-2019-13708   CVE-2019-13709   CVE-2019-13710   CVE-2019-13711   CVE-2019-13713   CVE-2019-13714   CVE-2019-13715   CVE-2019-13716   CVE-2019-13717   CVE-2019-13718   CVE-2019-13719   CVE-2019-13699   CVE-2019-13700   CVE-2019-13701   CVE-2019-13702   CVE-2019-13703   CVE-2019-13704   CVE-2019-13705   CVE-2019-13706   CVE-2019-13707   CVE-2019-13708   CVE-2019-13709   CVE-2019-13710   CVE-2019-13711   CVE-2019-13713   CVE-2019-13714   CVE-2019-13715   CVE-2019-13716   CVE-2019-13717   CVE-2019-13718   CVE-2019-13719  

Source

Synopsis

Important: chromium-browser security update

Type/Severity

Security Advisory: Important

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 78.0.3904.70.

Security Fix(es):

  • chromium-browser: Use-after-free in media (CVE-2019-13699)
  • chromium-browser: Buffer overrun in Blink (CVE-2019-13700)
  • chromium-browser: URL spoof in navigation (CVE-2019-13701)
  • chromium-browser: Privilege elevation in Installer (CVE-2019-13702)
  • chromium-browser: URL bar spoofing (CVE-2019-13703)
  • chromium-browser: CSP bypass (CVE-2019-13704)
  • chromium-browser: Extension permission bypass (CVE-2019-13705)
  • chromium-browser: Out-of-bounds read in PDFium (CVE-2019-13706)
  • chromium-browser: File storage disclosure (CVE-2019-13707)
  • chromium-browser: HTTP authentication spoof (CVE-2019-13708)
  • chromium-browser: File download protection bypass (CVE-2019-13709)
  • chromium-browser: File download protection bypass (CVE-2019-13710)
  • chromium-browser: Cross-context information leak (CVE-2019-13711)
  • chromium-browser: Cross-origin data leak (CVE-2019-13713)
  • chromium-browser: CSS injection (CVE-2019-13714)
  • chromium-browser: Address bar spoofing (CVE-2019-13715)
  • chromium-browser: Service worker state error (CVE-2019-13716)
  • chromium-browser: Notification obscured (CVE-2019-13717)
  • chromium-browser: IDN spoof (CVE-2019-13718)
  • chromium-browser: Notification obscured (CVE-2019-13719)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1764756 - CVE-2019-13699 chromium-browser: Use-after-free in media
  • BZ - 1764757 - CVE-2019-13700 chromium-browser: Buffer overrun in Blink
  • BZ - 1764758 - CVE-2019-13701 chromium-browser: URL spoof in navigation
  • BZ - 1764759 - CVE-2019-13702 chromium-browser: Privilege elevation in Installer
  • BZ - 1764760 - CVE-2019-13703 chromium-browser: URL bar spoofing
  • BZ - 1764761 - CVE-2019-13704 chromium-browser: CSP bypass
  • BZ - 1764762 - CVE-2019-13705 chromium-browser: Extension permission bypass
  • BZ - 1764763 - CVE-2019-13706 chromium-browser: Out-of-bounds read in PDFium
  • BZ - 1764764 - CVE-2019-13707 chromium-browser: File storage disclosure
  • BZ - 1764765 - CVE-2019-13708 chromium-browser: HTTP authentication spoof
  • BZ - 1764766 - CVE-2019-13709 chromium-browser: File download protection bypass
  • BZ - 1764767 - CVE-2019-13710 chromium-browser: File download protection bypass
  • BZ - 1764768 - CVE-2019-13711 chromium-browser: Cross-context information leak
  • BZ - 1764769 - CVE-2019-13713 chromium-browser: Cross-origin data leak
  • BZ - 1764770 - CVE-2019-13714 chromium-browser: CSS injection
  • BZ - 1764771 - CVE-2019-13715 chromium-browser: Address bar spoofing
  • BZ - 1764772 - CVE-2019-13716 chromium-browser: Service worker state error
  • BZ - 1764773 - CVE-2019-13717 chromium-browser: Notification obscured
  • BZ - 1764774 - CVE-2019-13718 chromium-browser: IDN spoof
  • BZ - 1764775 - CVE-2019-13719 chromium-browser: Notification obscured

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started