(RHSA-2020:1487) Important: chromium-browser security update

2020-04-1606:55:24

access.redhat.com

107

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.466 Medium

EPSS

Percentile

97.5%

JSON

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 81.0.4044.92.

Security Fix(es):

chromium-browser: Use after free in audio (CVE-2020-6423)
chromium-browser: Use after free in extensions (CVE-2020-6454)
chromium-browser: Out of bounds read in WebSQL (CVE-2020-6455)
chromium-browser: Type Confusion in V8 (CVE-2020-6430)
chromium-browser: Insufficient policy enforcement in full screen (CVE-2020-6431)
chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6432)
chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6433)
chromium-browser: Use after free in devtools (CVE-2020-6434)
chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6435)
chromium-browser: Use after free in window management (CVE-2020-6436)
chromium-browser: Insufficient validation of untrusted input in clipboard (CVE-2020-6456)
chromium-browser: Inappropriate implementation in WebView (CVE-2020-6437)
chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6438)
chromium-browser: Insufficient policy enforcement in navigations (CVE-2020-6439)
chromium-browser: Inappropriate implementation in extensions (CVE-2020-6440)
chromium-browser: Insufficient policy enforcement in omnibox (CVE-2020-6441)
chromium-browser: Inappropriate implementation in cache (CVE-2020-6442)
chromium-browser: Insufficient data validation in developer tools (CVE-2020-6443)
chromium-browser: Uninitialized use in WebRTC (CVE-2020-6444)
chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6445)
chromium-browser: Insufficient policy enforcement in trusted types (CVE-2020-6446)
chromium-browser: Inappropriate implementation in developer tools (CVE-2020-6447)
chromium-browser: Use after free in V8 (CVE-2020-6448)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64chromium-browser< 81.0.4044.92-2.el6_10chromium-browser-81.0.4044.92-2.el6_10.x86_64.rpm
RedHat6i686chromium-browser< 81.0.4044.92-2.el6_10chromium-browser-81.0.4044.92-2.el6_10.i686.rpm
RedHat6i686chromium-browser-debuginfo< 81.0.4044.92-2.el6_10chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
RedHat6x86_64chromium-browser-debuginfo< 81.0.4044.92-2.el6_10chromium-browser-debuginfo-81.0.4044.92-2.el6_10.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	chromium-browser	< 81.0.4044.92-2.el6_10	chromium-browser-81.0.4044.92-2.el6_10.x86_64.rpm
RedHat	6	i686	chromium-browser	< 81.0.4044.92-2.el6_10	chromium-browser-81.0.4044.92-2.el6_10.i686.rpm
RedHat	6	i686	chromium-browser-debuginfo	< 81.0.4044.92-2.el6_10	chromium-browser-debuginfo-81.0.4044.92-2.el6_10.i686.rpm
RedHat	6	x86_64	chromium-browser-debuginfo	< 81.0.4044.92-2.el6_10	chromium-browser-debuginfo-81.0.4044.92-2.el6_10.x86_64.rpm