- Issued:
- 2017-11-07
- Updated:
- 2017-11-07
RHSA-2017:3151 - Security Advisory
Synopsis
Critical: chromium-browser security update
Type/Severity
Security Advisory: Critical
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 62.0.3202.89.
Security Fix(es):
- Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-15398, CVE-2017-15399)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
Fixes
- BZ - 1510429 - CVE-2017-15398 chromium-browser: stack buffer overflow in quic
- BZ - 1510431 - CVE-2017-15399 chromium-browser: use after free in v8
CVEs
References
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-62.0.3202.89-1.el6_9.x86_64.rpm | SHA-256: 39fd3a4d01bbfd6cd9e249451debd23bcca789f456679c5003131f011b5d2f84 |
| chromium-browser-debuginfo-62.0.3202.89-1.el6_9.x86_64.rpm | SHA-256: 1269caecbf4d6c7837504ab46802195113204f03f55535512c15b2ad7ff90771 |
| i386 | |
| chromium-browser-62.0.3202.89-1.el6_9.i686.rpm | SHA-256: 20d7aa5f75e0b34d1d7317415640388c4445331cbc8a64c105de7669383bd24e |
| chromium-browser-debuginfo-62.0.3202.89-1.el6_9.i686.rpm | SHA-256: 83c7640e07874650051ed100137e1ec5687bf18721d8d4b156b23ee1a724594f |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-62.0.3202.89-1.el6_9.x86_64.rpm | SHA-256: 39fd3a4d01bbfd6cd9e249451debd23bcca789f456679c5003131f011b5d2f84 |
| chromium-browser-debuginfo-62.0.3202.89-1.el6_9.x86_64.rpm | SHA-256: 1269caecbf4d6c7837504ab46802195113204f03f55535512c15b2ad7ff90771 |
| i386 | |
| chromium-browser-62.0.3202.89-1.el6_9.i686.rpm | SHA-256: 20d7aa5f75e0b34d1d7317415640388c4445331cbc8a64c105de7669383bd24e |
| chromium-browser-debuginfo-62.0.3202.89-1.el6_9.i686.rpm | SHA-256: 83c7640e07874650051ed100137e1ec5687bf18721d8d4b156b23ee1a724594f |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-62.0.3202.89-1.el6_9.x86_64.rpm | SHA-256: 39fd3a4d01bbfd6cd9e249451debd23bcca789f456679c5003131f011b5d2f84 |
| chromium-browser-debuginfo-62.0.3202.89-1.el6_9.x86_64.rpm | SHA-256: 1269caecbf4d6c7837504ab46802195113204f03f55535512c15b2ad7ff90771 |
| i386 | |
| chromium-browser-62.0.3202.89-1.el6_9.i686.rpm | SHA-256: 20d7aa5f75e0b34d1d7317415640388c4445331cbc8a64c105de7669383bd24e |
| chromium-browser-debuginfo-62.0.3202.89-1.el6_9.i686.rpm | SHA-256: 83c7640e07874650051ed100137e1ec5687bf18721d8d4b156b23ee1a724594f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.