- Issued:
- 2016-04-18
- Updated:
- 2016-04-18
RHSA-2016:0638 - Security Advisory
Synopsis
Important: chromium-browser security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 50.0.2661.75.
Security Fix(es):
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1652, CVE-2016-1653, CVE-2016-1651, CVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657, CVE-2016-1658, CVE-2016-1659)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.7 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.7 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7 x86_64
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7 i386
Fixes
- BZ - 1327109 - CVE-2016-1652 chromium-browser: universal XSS in extension bindings
- BZ - 1327110 - CVE-2016-1653 chromium-browser: out-of-bounds write in V8
- BZ - 1327111 - CVE-2016-1651 chromium-browser: out-of-bounds read in Pdfium JPEG2000 decoding
- BZ - 1327112 - CVE-2016-1654 chromium-browser: uninitialized memory read in media
- BZ - 1327113 - CVE-2016-1655 chromium-browser: use-after-free related to extensions
- BZ - 1327114 - CVE-2016-1656 chromium-browser: android downloaded file path restriction bypass
- BZ - 1327115 - CVE-2016-1657 chromium-browser: address bar spoofing
- BZ - 1327117 - CVE-2016-1658 chromium-browser: potential leak of sensitive information to malicious extensions
- BZ - 1327120 - CVE-2016-1659 chromium-browser: various fixes from internal audits
CVEs
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 68fe5ec87094e6b269e94fc38abdb7bd45c011a1e335a74a9508290b1f3b5d72 |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 7a708c3bbbb2deefb0939dfff6570d0f6934feb78003e3fe8f2dcb8efb87e15d |
| i386 | |
| chromium-browser-50.0.2661.75-1.el6.i686.rpm | SHA-256: 6b1998e0f7e6371df8fff93de43d5b2f6c5447e04ef9549233cff0e9b3950b6f |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm | SHA-256: d5ae67770299794e0c8d8779c7d1be67df17c0ba39620be12d5252e1e8967bb3 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.7
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 68fe5ec87094e6b269e94fc38abdb7bd45c011a1e335a74a9508290b1f3b5d72 |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 7a708c3bbbb2deefb0939dfff6570d0f6934feb78003e3fe8f2dcb8efb87e15d |
| i386 | |
| chromium-browser-50.0.2661.75-1.el6.i686.rpm | SHA-256: 6b1998e0f7e6371df8fff93de43d5b2f6c5447e04ef9549233cff0e9b3950b6f |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm | SHA-256: d5ae67770299794e0c8d8779c7d1be67df17c0ba39620be12d5252e1e8967bb3 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 68fe5ec87094e6b269e94fc38abdb7bd45c011a1e335a74a9508290b1f3b5d72 |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 7a708c3bbbb2deefb0939dfff6570d0f6934feb78003e3fe8f2dcb8efb87e15d |
| i386 | |
| chromium-browser-50.0.2661.75-1.el6.i686.rpm | SHA-256: 6b1998e0f7e6371df8fff93de43d5b2f6c5447e04ef9549233cff0e9b3950b6f |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm | SHA-256: d5ae67770299794e0c8d8779c7d1be67df17c0ba39620be12d5252e1e8967bb3 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 68fe5ec87094e6b269e94fc38abdb7bd45c011a1e335a74a9508290b1f3b5d72 |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 7a708c3bbbb2deefb0939dfff6570d0f6934feb78003e3fe8f2dcb8efb87e15d |
| i386 | |
| chromium-browser-50.0.2661.75-1.el6.i686.rpm | SHA-256: 6b1998e0f7e6371df8fff93de43d5b2f6c5447e04ef9549233cff0e9b3950b6f |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm | SHA-256: d5ae67770299794e0c8d8779c7d1be67df17c0ba39620be12d5252e1e8967bb3 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 68fe5ec87094e6b269e94fc38abdb7bd45c011a1e335a74a9508290b1f3b5d72 |
| i386 | |
| chromium-browser-50.0.2661.75-1.el6.i686.rpm | SHA-256: 6b1998e0f7e6371df8fff93de43d5b2f6c5447e04ef9549233cff0e9b3950b6f |
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 68fe5ec87094e6b269e94fc38abdb7bd45c011a1e335a74a9508290b1f3b5d72 |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.x86_64.rpm | SHA-256: 7a708c3bbbb2deefb0939dfff6570d0f6934feb78003e3fe8f2dcb8efb87e15d |
| i386 | |
| chromium-browser-50.0.2661.75-1.el6.i686.rpm | SHA-256: 6b1998e0f7e6371df8fff93de43d5b2f6c5447e04ef9549233cff0e9b3950b6f |
| chromium-browser-debuginfo-50.0.2661.75-1.el6.i686.rpm | SHA-256: d5ae67770299794e0c8d8779c7d1be67df17c0ba39620be12d5252e1e8967bb3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.