Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Critical: chromium-browser security update

Related Vulnerabilities: CVE-2020-15967   CVE-2020-15968   CVE-2020-15969   CVE-2020-15970   CVE-2020-15971   CVE-2020-15972   CVE-2020-15990   CVE-2020-15991   CVE-2020-6557   CVE-2020-15973   CVE-2020-15974   CVE-2020-15975   CVE-2020-15976   CVE-2020-15977   CVE-2020-15978   CVE-2020-15979   CVE-2020-15980   CVE-2020-15981   CVE-2020-15982   CVE-2020-15983   CVE-2020-15984   CVE-2020-15985   CVE-2020-15986   CVE-2020-15987   CVE-2020-15992   CVE-2020-15988   CVE-2020-15989   CVE-2020-15967   CVE-2020-15968   CVE-2020-15969   CVE-2020-15970   CVE-2020-15971   CVE-2020-15972   CVE-2020-15990   CVE-2020-15991   CVE-2020-15973   CVE-2020-15974   CVE-2020-15975   CVE-2020-15976   CVE-2020-6557   CVE-2020-15977   CVE-2020-15978   CVE-2020-15979   CVE-2020-15980   CVE-2020-15981   CVE-2020-15982   CVE-2020-15983   CVE-2020-15984   CVE-2020-15985   CVE-2020-15986   CVE-2020-15987   CVE-2020-15992   CVE-2020-15988   CVE-2020-15989   CVE-2020-6557   CVE-2020-15967   CVE-2020-15968   CVE-2020-15969   CVE-2020-15970   CVE-2020-15971   CVE-2020-15972   CVE-2020-15973   CVE-2020-15974   CVE-2020-15975   CVE-2020-15976   CVE-2020-15977   CVE-2020-15978   CVE-2020-15979   CVE-2020-15980   CVE-2020-15981   CVE-2020-15982   CVE-2020-15983   CVE-2020-15984   CVE-2020-15985   CVE-2020-15986   CVE-2020-15987   CVE-2020-15988   CVE-2020-15989   CVE-2020-15990   CVE-2020-15991   CVE-2020-15992  

Source

Synopsis

Critical: chromium-browser security update

Type/Severity

Security Advisory: Critical

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 86.0.4240.75.

Security Fix(es):

  • chromium-browser: Use after free in payments (CVE-2020-15967)
  • chromium-browser: Use after free in Blink (CVE-2020-15968)
  • chromium-browser: Use after free in WebRTC (CVE-2020-15969)
  • chromium-browser: Use after free in NFC (CVE-2020-15970)
  • chromium-browser: Use after free in printing (CVE-2020-15971)
  • chromium-browser: Use after free in audio (CVE-2020-15972)
  • chromium-browser: Use after free in autofill (CVE-2020-15990)
  • chromium-browser: Use after free in password manager (CVE-2020-15991)
  • chromium-browser: Inappropriate implementation in networking (CVE-2020-6557)
  • chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-15973)
  • chromium-browser: Integer overflow in Blink (CVE-2020-15974)
  • chromium-browser: Integer overflow in SwiftShader (CVE-2020-15975)
  • chromium-browser: Use after free in WebXR (CVE-2020-15976)
  • chromium-browser: Insufficient data validation in dialogs (CVE-2020-15977)
  • chromium-browser: Insufficient data validation in navigation (CVE-2020-15978)
  • chromium-browser: Inappropriate implementation in V8 (CVE-2020-15979)
  • chromium-browser: Insufficient policy enforcement in Intents (CVE-2020-15980)
  • chromium-browser: Out of bounds read in audio (CVE-2020-15981)
  • chromium-browser: Side-channel information leakage in cache (CVE-2020-15982)
  • chromium-browser: Insufficient data validation in webUI (CVE-2020-15983)
  • chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2020-15984)
  • chromium-browser: Inappropriate implementation in Blink (CVE-2020-15985)
  • chromium-browser: Integer overflow in media (CVE-2020-15986)
  • chromium-browser: Use after free in WebRTC (CVE-2020-15987)
  • chromium-browser: Insufficient policy enforcement in networking (CVE-2020-15992)
  • chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-15988)
  • chromium-browser: Uninitialized use in PDFium (CVE-2020-15989)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1885883 - CVE-2020-15967 chromium-browser: Use after free in payments
  • BZ - 1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
  • BZ - 1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
  • BZ - 1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
  • BZ - 1885887 - CVE-2020-15971 chromium-browser: Use after free in printing
  • BZ - 1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
  • BZ - 1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill
  • BZ - 1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager
  • BZ - 1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions
  • BZ - 1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink
  • BZ - 1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader
  • BZ - 1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
  • BZ - 1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking
  • BZ - 1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs
  • BZ - 1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation
  • BZ - 1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
  • BZ - 1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents
  • BZ - 1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio
  • BZ - 1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache
  • BZ - 1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI
  • BZ - 1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox
  • BZ - 1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink
  • BZ - 1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media
  • BZ - 1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC
  • BZ - 1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking
  • BZ - 1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads
  • BZ - 1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started