RHSA-2018:0484 - Security Advisory

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 65.0.3325.146.

Security Fix(es):

• chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)
• chromium-browser: use-after-free in blink (CVE-2018-6060)
• chromium-browser: race condition in v8 (CVE-2018-6061)
• chromium-browser: heap buffer overflow in skia (CVE-2018-6062)
• chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)
• chromium-browser: type confusion in v8 (CVE-2018-6064)
• chromium-browser: integer overflow in v8 (CVE-2018-6065)
• chromium-browser: same origin bypass via canvas (CVE-2018-6066)
• chromium-browser: buffer overflow in skia (CVE-2018-6067)
• chromium-browser: stack buffer overflow in skia (CVE-2018-6069)
• chromium-browser: csp bypass through extensions (CVE-2018-6070)
• chromium-browser: heap bufffer overflow in skia (CVE-2018-6071)
• chromium-browser: integer overflow in pdfium (CVE-2018-6072)
• chromium-browser: heap bufffer overflow in webgl (CVE-2018-6073)
• chromium-browser: mark-of-the-web bypass (CVE-2018-6074)
• chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)
• chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)
• chromium-browser: timing attack using svg filters (CVE-2018-6077)
• chromium-browser: url spoof in omnibox (CVE-2018-6078)
• chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)
• chromium-browser: information disclosure in ipc call (CVE-2018-6080)
• chromium-browser: xss in interstitials (CVE-2018-6081)
• chromium-browser: circumvention of port blocking (CVE-2018-6082)
• chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386

Fixes

• BZ - 1552476 - CVE-2018-6060 chromium-browser: use-after-free in blink
• BZ - 1552477 - CVE-2018-6061 chromium-browser: race condition in v8
• BZ - 1552478 - CVE-2018-6062 chromium-browser: heap buffer overflow in skia
• BZ - 1552479 - CVE-2018-6057 chromium-browser: incorrect permissions on shared memory
• BZ - 1552480 - CVE-2018-6063 chromium-browser: incorrect permissions on shared memory
• BZ - 1552481 - CVE-2018-6064 chromium-browser: type confusion in v8
• BZ - 1552482 - CVE-2018-6065 chromium-browser: integer overflow in v8
• BZ - 1552483 - CVE-2018-6066 chromium-browser: same origin bypass via canvas
• BZ - 1552484 - CVE-2018-6067 chromium-browser: buffer overflow in skia
• BZ - 1552486 - CVE-2018-6069 chromium-browser: stack buffer overflow in skia
• BZ - 1552487 - CVE-2018-6070 chromium-browser: csp bypass through extensions
• BZ - 1552488 - CVE-2018-6071 chromium-browser: heap bufffer overflow in skia
• BZ - 1552489 - CVE-2018-6072 chromium-browser: integer overflow in pdfium
• BZ - 1552490 - CVE-2018-6073 chromium-browser: heap bufffer overflow in webgl
• BZ - 1552491 - CVE-2018-6074 chromium-browser: mark-of-the-web bypass
• BZ - 1552492 - CVE-2018-6075 chromium-browser: overly permissive cross origin downloads
• BZ - 1552493 - CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink
• BZ - 1552494 - CVE-2018-6077 chromium-browser: timing attack using svg filters
• BZ - 1552495 - CVE-2018-6078 chromium-browser: url spoof in omnibox
• BZ - 1552496 - CVE-2018-6079 chromium-browser: information disclosure via texture data in webgl
• BZ - 1552497 - CVE-2018-6080 chromium-browser: information disclosure in ipc call
• BZ - 1552498 - CVE-2018-6081 chromium-browser: xss in interstitials
• BZ - 1552499 - CVE-2018-6082 chromium-browser: circumvention of port blocking
• BZ - 1552500 - CVE-2018-6083 chromium-browser: incorrect processing of appmanifests

CVEs

• CVE-2018-6057
• CVE-2018-6060
• CVE-2018-6061
• CVE-2018-6062
• CVE-2018-6063
• CVE-2018-6064
• CVE-2018-6065
• CVE-2018-6066
• CVE-2018-6067
• CVE-2018-6069
• CVE-2018-6070
• CVE-2018-6071
• CVE-2018-6072
• CVE-2018-6073
• CVE-2018-6074
• CVE-2018-6075
• CVE-2018-6076
• CVE-2018-6077
• CVE-2018-6078
• CVE-2018-6079
• CVE-2018-6080
• CVE-2018-6081
• CVE-2018-6082
• CVE-2018-6083

References

• https://access.redhat.com/security/updates/classification/#important