9.3 - RHSA-2019:0708

Problem Description:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 73.0.3683.75.

Security Fix(es):

* chromium-browser: Use after free in Canvas (CVE-2019-5787)

* chromium-browser: Use after free in FileAPI (CVE-2019-5788)

* chromium-browser: Use after free in WebMIDI (CVE-2019-5789)

* chromium-browser: Heap buffer overflow in V8 (CVE-2019-5790)

* chromium-browser: Type confusion in V8 (CVE-2019-5791)

* chromium-browser: Integer overflow in PDFium (CVE-2019-5792)

* chromium-browser: Excessive permissions for private API in Extensions (CVE-2019-5793)

* chromium-browser: Security UI spoofing (CVE-2019-5794)

* chromium-browser: Integer overflow in PDFium (CVE-2019-5795)

* chromium-browser: Race condition in Extensions (CVE-2019-5796)

* chromium-browser: Race condition in DOMStorage (CVE-2019-5797)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* chromium-browser: CSP bypass with blob URL (CVE-2019-5799)

* chromium-browser: CSP bypass with blob URL (CVE-2019-5800)

* chromium-browser: Security UI spoofing (CVE-2019-5802)

* chromium-browser: CSP bypass with Javascript URLs (CVE-2019-5803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1688189 - CVE-2019-5787 chromium-browser: Use after free in Canvas 1688190 - CVE-2019-5788 chromium-browser: Use after free in FileAPI 1688191 - CVE-2019-5789 chromium-browser: Use after free in WebMIDI 1688192 - CVE-2019-5790 chromium-browser: Heap buffer overflow in V8 1688193 - CVE-2019-5791 chromium-browser: Type confusion in V8 1688194 - CVE-2019-5792 chromium-browser: Integer overflow in PDFium 1688195 - CVE-2019-5793 chromium-browser: Excessive permissions for private API in Extensions 1688196 - CVE-2019-5794 chromium-browser: Security UI spoofing 1688197 - CVE-2019-5795 chromium-browser: Integer overflow in PDFium 1688198 - CVE-2019-5796 chromium-browser: Race condition in Extensions 1688199 - CVE-2019-5797 chromium-browser: Race condition in DOMStorage 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1688201 - CVE-2019-5799 chromium-browser: CSP bypass with blob URL 1688202 - CVE-2019-5800 chromium-browser: CSP bypass with blob URL 1688204 - CVE-2019-5802 chromium-browser: Security UI spoofing 1688205 - CVE-2019-5803 chromium-browser: CSP bypass with Javascript URLs