Red Hat Product Errata RHSA-2018:0484 - Security Advisory
Issued: 2018-03-12
Updated: 2018-03-12


Synopsis

Important: chromium-browser security update

Type/Severity

Security Advisory: Important


Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 65.0.3325.146.

Security Fix(es):

  • chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)
  • chromium-browser: use-after-free in blink (CVE-2018-6060)
  • chromium-browser: race condition in v8 (CVE-2018-6061)
  • chromium-browser: heap buffer overflow in skia (CVE-2018-6062)
  • chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)
  • chromium-browser: type confusion in v8 (CVE-2018-6064)
  • chromium-browser: integer overflow in v8 (CVE-2018-6065)
  • chromium-browser: same origin bypass via canvas (CVE-2018-6066)
  • chromium-browser: buffer overflow in skia (CVE-2018-6067)
  • chromium-browser: stack buffer overflow in skia (CVE-2018-6069)
  • chromium-browser: csp bypass through extensions (CVE-2018-6070)
  • chromium-browser: heap buffer overflow in skia (CVE-2018-6071)
  • chromium-browser: integer overflow in pdfium (CVE-2018-6072)
  • chromium-browser: heap buffer overflow in webgl (CVE-2018-6073)
  • chromium-browser: mark-of-the-web bypass (CVE-2018-6074)
  • chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)
  • chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)
  • chromium-browser: timing attack using svg filters (CVE-2018-6077)
  • chromium-browser: url spoof in omnibox (CVE-2018-6078)
  • chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)
  • chromium-browser: information disclosure in ipc call (CVE-2018-6080)
  • chromium-browser: xss in interstitials (CVE-2018-6081)
  • chromium-browser: circumvention of port blocking (CVE-2018-6082)
  • chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386

Fixes

  • BZ - 1552476 - CVE-2018-6060 chromium-browser: use-after-free in blink
  • BZ - 1552477 - CVE-2018-6061 chromium-browser: race condition in v8
  • BZ - 1552478 - CVE-2018-6062 chromium-browser: heap buffer overflow in skia
  • BZ - 1552479 - CVE-2018-6057 chromium-browser: incorrect permissions on shared memory
  • BZ - 1552480 - CVE-2018-6063 chromium-browser: incorrect permissions on shared memory
  • BZ - 1552481 - CVE-2018-6064 chromium-browser: type confusion in v8
  • BZ - 1552482 - CVE-2018-6065 chromium-browser: integer overflow in v8
  • BZ - 1552483 - CVE-2018-6066 chromium-browser: same origin bypass via canvas
  • BZ - 1552484 - CVE-2018-6067 chromium-browser: buffer overflow in skia
  • BZ - 1552486 - CVE-2018-6069 chromium-browser: stack buffer overflow in skia
  • BZ - 1552487 - CVE-2018-6070 chromium-browser: csp bypass through extensions
  • BZ - 1552488 - CVE-2018-6071 chromium-browser: heap buffer overflow in skia
  • BZ - 1552489 - CVE-2018-6072 chromium-browser: integer overflow in pdfium
  • BZ - 1552490 - CVE-2018-6073 chromium-browser: heap buffer overflow in webgl
  • BZ - 1552491 - CVE-2018-6074 chromium-browser: mark-of-the-web bypass
  • BZ - 1552492 - CVE-2018-6075 chromium-browser: overly permissive cross origin downloads
  • BZ - 1552493 - CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink
  • BZ - 1552494 - CVE-2018-6077 chromium-browser: timing attack using svg filters
  • BZ - 1552495 - CVE-2018-6078 chromium-browser: url spoof in omnibox
  • BZ - 1552496 - CVE-2018-6079 chromium-browser: information disclosure via texture data in webgl
  • BZ - 1552497 - CVE-2018-6080 chromium-browser: information disclosure in ipc call
  • BZ - 1552498 - CVE-2018-6081 chromium-browser: xss in interstitials
  • BZ - 1552499 - CVE-2018-6082 chromium-browser: circumvention of port blocking
  • BZ - 1552500 - CVE-2018-6083 chromium-browser: incorrect processing of appmanifests

CVEs

  • CVE-2018-6057
  • CVE-2018-6060
  • CVE-2018-6061
  • CVE-2018-6062
  • CVE-2018-6063
  • CVE-2018-6064
  • CVE-2018-6065
  • CVE-2018-6066
  • CVE-2018-6067
  • CVE-2018-6069
  • CVE-2018-6070
  • CVE-2018-6071
  • CVE-2018-6072
  • CVE-2018-6073
  • CVE-2018-6074
  • CVE-2018-6075
  • CVE-2018-6076
  • CVE-2018-6077
  • CVE-2018-6078
  • CVE-2018-6079
  • CVE-2018-6080
  • CVE-2018-6081
  • CVE-2018-6082
  • CVE-2018-6083

References

  • https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
x86_64
chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm SHA-256: bb84467a8535ce96780f9d5a122d6fce6357d2c92d3fd6588c1850aa455253b6
chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm SHA-256: 5e0cede1f9afca80f387b95b249f6c6b1b8e8e3b78eab5e343cd4ff02869f09e
i386
chromium-browser-65.0.3325.146-2.el6_9.i686.rpm SHA-256: f0322b4fbbbe91394325d8f85384089fa9e594ebe89eb1c17b0919d5238bb9f2
chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm SHA-256: cce04e8fab7d7a0d2736b35d78d713eb7211f01eaa79ba0cef580fb3b4712a37

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm SHA-256: bb84467a8535ce96780f9d5a122d6fce6357d2c92d3fd6588c1850aa455253b6
chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm SHA-256: 5e0cede1f9afca80f387b95b249f6c6b1b8e8e3b78eab5e343cd4ff02869f09e
i386
chromium-browser-65.0.3325.146-2.el6_9.i686.rpm SHA-256: f0322b4fbbbe91394325d8f85384089fa9e594ebe89eb1c17b0919d5238bb9f2
chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm SHA-256: cce04e8fab7d7a0d2736b35d78d713eb7211f01eaa79ba0cef580fb3b4712a37

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm SHA-256: bb84467a8535ce96780f9d5a122d6fce6357d2c92d3fd6588c1850aa455253b6
chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm SHA-256: 5e0cede1f9afca80f387b95b249f6c6b1b8e8e3b78eab5e343cd4ff02869f09e
i386
chromium-browser-65.0.3325.146-2.el6_9.i686.rpm SHA-256: f0322b4fbbbe91394325d8f85384089fa9e594ebe89eb1c17b0919d5238bb9f2
chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm SHA-256: cce04e8fab7d7a0d2736b35d78d713eb7211f01eaa79ba0cef580fb3b4712a37

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
