RHEL 6 : chromium-browser (RHSA-2019:3211)

Medium Nessus Plugin ID 130372

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.3

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 77.0.3865.120.

Security Fix(es) :

* chromium-browser: Use-after-free in media (CVE-2019-5870)

* chromium-browser: Heap overflow in Skia (CVE-2019-5871)

* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)

* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)

* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)

* chromium-browser: Use-after-free in media (CVE-2019-5876)

* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)

* chromium-browser: Use-after-free in V8 (CVE-2019-5878)

* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)

* chromium-browser: Use-after-free in media (CVE-2019-13688)

* chromium-browser: Omnibox spoof (CVE-2019-13691)

* chromium-browser: SOP bypass (CVE-2019-13692)

* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)

* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)

* chromium-browser: Use-after-free in audio (CVE-2019-13695)

* chromium-browser: Use-after-free in V8 (CVE-2019-13696)

* chromium-browser: Cross-origin size leak (CVE-2019-13697)

* chromium-browser: Extensions can read some local files (CVE-2019-5879)

* chromium-browser: SameSite cookie bypass (CVE-2019-5880)

* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)

* chromium-browser: URL spoof (CVE-2019-13659)

* chromium-browser: Full screen notification overlap (CVE-2019-13660)

* chromium-browser: Full screen notification spoof (CVE-2019-13661)

* chromium-browser: CSP bypass (CVE-2019-13662)

* chromium-browser: IDN spoof (CVE-2019-13663)

* chromium-browser: CSRF bypass (CVE-2019-13664)

* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)

* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)

* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)

* chromium-browser: Global window leak via console (CVE-2019-13668)

* chromium-browser: HTTP authentication spoof (CVE-2019-13669)

* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)

* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)

* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)

* chromium-browser: IDN spoofing (CVE-2019-13674)

* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)

* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)

* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)

* chromium-browser: Download dialog spoofing (CVE-2019-13678)

* chromium-browser: User gesture needed for printing (CVE-2019-13679)

* chromium-browser: IP address spoofing to servers (CVE-2019-13680)

* chromium-browser: Bypass on download restrictions (CVE-2019-13681)

* chromium-browser: Site isolation bypass (CVE-2019-13682)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Update the affected chromium-browser and / or chromium-browser-debuginfo packages.

See Also

https://access.redhat.com/errata/RHSA-2019:3211

https://access.redhat.com/security/cve/cve-2019-5870

https://access.redhat.com/security/cve/cve-2019-5871

https://access.redhat.com/security/cve/cve-2019-5872

https://access.redhat.com/security/cve/cve-2019-5874

https://access.redhat.com/security/cve/cve-2019-5875

https://access.redhat.com/security/cve/cve-2019-5876

https://access.redhat.com/security/cve/cve-2019-5877

https://access.redhat.com/security/cve/cve-2019-5878

https://access.redhat.com/security/cve/cve-2019-5879

https://access.redhat.com/security/cve/cve-2019-5880

https://access.redhat.com/security/cve/cve-2019-5881

https://access.redhat.com/security/cve/cve-2019-13659

https://access.redhat.com/security/cve/cve-2019-13660

https://access.redhat.com/security/cve/cve-2019-13661

https://access.redhat.com/security/cve/cve-2019-13662

https://access.redhat.com/security/cve/cve-2019-13663

https://access.redhat.com/security/cve/cve-2019-13664

https://access.redhat.com/security/cve/cve-2019-13665

https://access.redhat.com/security/cve/cve-2019-13666

https://access.redhat.com/security/cve/cve-2019-13667

https://access.redhat.com/security/cve/cve-2019-13668

https://access.redhat.com/security/cve/cve-2019-13669

https://access.redhat.com/security/cve/cve-2019-13670

https://access.redhat.com/security/cve/cve-2019-13671

https://access.redhat.com/security/cve/cve-2019-13673

https://access.redhat.com/security/cve/cve-2019-13674

https://access.redhat.com/security/cve/cve-2019-13675

https://access.redhat.com/security/cve/cve-2019-13676

https://access.redhat.com/security/cve/cve-2019-13677

https://access.redhat.com/security/cve/cve-2019-13678

https://access.redhat.com/security/cve/cve-2019-13679

https://access.redhat.com/security/cve/cve-2019-13680

https://access.redhat.com/security/cve/cve-2019-13681

https://access.redhat.com/security/cve/cve-2019-13682

https://access.redhat.com/security/cve/cve-2019-13683

https://access.redhat.com/security/cve/cve-2019-13685

https://access.redhat.com/security/cve/cve-2019-13686

https://access.redhat.com/security/cve/cve-2019-13687

https://access.redhat.com/security/cve/cve-2019-13688

https://access.redhat.com/security/cve/cve-2019-13691

https://access.redhat.com/security/cve/cve-2019-13692

https://access.redhat.com/security/cve/cve-2019-13693

https://access.redhat.com/security/cve/cve-2019-13694

https://access.redhat.com/security/cve/cve-2019-13695

https://access.redhat.com/security/cve/cve-2019-13696

https://access.redhat.com/security/cve/cve-2019-13697

Plugin Details

Severity: Medium

ID: 130372

File Name: redhat-RHSA-2019-3211.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2019/10/30

Updated: 2020/05/29

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 7.3

CVSS Score Source: CVE-2019-5878

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:chromium-browser, p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/10/29

Vulnerability Publication Date: 2019/11/25

Reference Information

CVE: CVE-2019-13659, CVE-2019-13660, CVE-2019-13661, CVE-2019-13662, CVE-2019-13663, CVE-2019-13664, CVE-2019-13665, CVE-2019-13666, CVE-2019-13667, CVE-2019-13668, CVE-2019-13669, CVE-2019-13670, CVE-2019-13671, CVE-2019-13673, CVE-2019-13674, CVE-2019-13675, CVE-2019-13676, CVE-2019-13677, CVE-2019-13678, CVE-2019-13679, CVE-2019-13680, CVE-2019-13681, CVE-2019-13682, CVE-2019-13683, CVE-2019-13685, CVE-2019-13686, CVE-2019-13687, CVE-2019-13688, CVE-2019-13691, CVE-2019-13692, CVE-2019-13693, CVE-2019-13694, CVE-2019-13695, CVE-2019-13696, CVE-2019-13697, CVE-2019-5870, CVE-2019-5871, CVE-2019-5872, CVE-2019-5874, CVE-2019-5875, CVE-2019-5876, CVE-2019-5877, CVE-2019-5878, CVE-2019-5879, CVE-2019-5880, CVE-2019-5881

RHSA: 2019:3211