Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title : chromium-browser security update
Information
Name : RHSA-2020:0514
First vendor Publication : 2020-02-17
Vendor : RedHat
Last vendor Modification : 2020-02-17
Severity (Vendor) : N/A
Revision : 01

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score : 8.8
Base Score : 8.8
Environmental Score : 8.8
Impact Sub Score : 5.9
Temporal Score : 8.8
Exploitability Sub Score : 2.8

Attack Vector : Network
Attack Complexity : Low
Privileges Required : None
User Interaction : Required
Scope : Unchanged
Confidentiality Impact : High
Integrity Impact : High
Availability Impact : High

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

Problem Description:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 80.0.3987.87.

Security Fix(es):

* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

* chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)

* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)

* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

* sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880)

* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)

* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)

* sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)

* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)

* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)

* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393)

* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394)

* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

* chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)

* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401)

* chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)

* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)

* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

* chromium-browser: Use after free in audio (CVE-2020-6406)

* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

* chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)

* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411)

* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)

* chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)

* chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)

* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

* chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2020-0514.html

CWE : Common Weakness Enumeration

% Id Name
31 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
19 % CWE-20 Improper Input Validation
9 % CWE-476 NULL Pointer Dereference
6 % CWE-416 Use After Free
6 % CWE-125 Out-of-bounds Read
6 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
3 % CWE-754 Improper Check for Unusual or Exceptional Conditions
3 % CWE-670 Always-Incorrect Control Flow Implementation
3 % CWE-667 Insufficient Locking
3 % CWE-434 Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25)
3 % CWE-203 Information Exposure Through Discrepancy
3 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
3 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application