RedHat: RHSA-2018-2282:01 Important: chromium-browser security update
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 68.0.3440.75.
Security Fix(es):
* chromium-browser: Stack buffer overflow in Skia (CVE-2018-6153)
* chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6154)
* chromium-browser: Use after free in WebRTC (CVE-2018-6155)
* chromium-browser: Heap buffer overflow in WebRTC (CVE-2018-6156)
* chromium-browser: Type confusion in WebRTC (CVE-2018-6157)
* chromium-browser: Cross origin information disclosure in Service Workers(CVE-2018-6150)
* chromium-browser: Bad cast in DevTools (CVE-2018-6151)
* chromium-browser: Local file write in DevTools (CVE-2018-6152)
* chromium-browser: Use after free in Blink (CVE-2018-6158)
* chromium-browser: Same origin policy bypass in ServiceWorker
(CVE-2018-6159)
* chromium-browser: Same origin policy bypass in WebAudio (CVE-2018-6161)
* chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6162)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6163)
* chromium-browser: Same origin policy bypass in ServiceWorker
(CVE-2018-6164)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6165)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6166)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6167)
* chromium-browser: CORS bypass in Blink (CVE-2018-6168)
* chromium-browser: Permissions bypass in extension installation
(CVE-2018-6169)
* chromium-browser: Type confusion in PDFium (CVE-2018-6170)
* chromium-browser: Use after free in WebBluetooth (CVE-2018-6171)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6172)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6173)
* chromium-browser: Integer overflow in SwiftShader (CVE-2018-6174)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6175)
* chromium-browser: Local user privilege escalation in Extensions
(CVE-2018-6176)
* chromium-browser: Cross origin information leak in Blink (CVE-2018-4117)
* chromium-browser: Request privilege escalation in Extensions
(CVE-2018-6044)
* chromium-browser: Cross origin information leak in Blink (CVE-2018-6177)
* chromium-browser: UI spoof in Extensions (CVE-2018-6178)
* chromium-browser: Local file information leak in Extensions
(CVE-2018-6179)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
References
https://access.redhat.com/security/cve/CVE-2018-4117 https://access.redhat.com/security/cve/CVE-2018-6044 https://access.redhat.com/security/cve/CVE-2018-6150 https://access.redhat.com/security/cve/CVE-2018-6151 https://access.redhat.com/security/cve/CVE-2018-6152 https://access.redhat.com/security/cve/CVE-2018-6153 https://access.redhat.com/security/cve/CVE-2018-6154 https://access.redhat.com/security/cve/CVE-2018-6155 https://access.redhat.com/security/cve/CVE-2018-6156 https://access.redhat.com/security/cve/CVE-2018-6157 https://access.redhat.com/security/cve/CVE-2018-6158 https://access.redhat.com/security/cve/CVE-2018-6159 https://access.redhat.com/security/cve/CVE-2018-6161 https://access.redhat.com/security/cve/CVE-2018-6162 https://access.redhat.com/security/cve/CVE-2018-6163 https://access.redhat.com/security/cve/CVE-2018-6164 https://access.redhat.com/security/cve/CVE-2018-6165 https://access.redhat.com/security/cve/CVE-2018-6166 https://access.redhat.com/security/cve/CVE-2018-6167 https://access.redhat.com/security/cve/CVE-2018-6168 https://access.redhat.com/security/cve/CVE-2018-6169 https://access.redhat.com/security/cve/CVE-2018-6170 https://access.redhat.com/security/cve/CVE-2018-6171 https://access.redhat.com/security/cve/CVE-2018-6172 https://access.redhat.com/security/cve/CVE-2018-6173 https://access.redhat.com/security/cve/CVE-2018-6174 https://access.redhat.com/security/cve/CVE-2018-6175 https://access.redhat.com/security/cve/CVE-2018-6176 https://access.redhat.com/security/cve/CVE-2018-6177 https://access.redhat.com/security/cve/CVE-2018-6178 https://access.redhat.com/security/cve/CVE-2018-6179 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm
x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm
x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm
x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Bugs Fixed
1608177 - CVE-2018-6153 chromium-browser: Stack buffer overflow in Skia
1608178 - CVE-2018-6154 chromium-browser: Heap buffer overflow in WebGL
1608179 - CVE-2018-6155 chromium-browser: Use after free in WebRTC
1608180 - CVE-2018-6156 chromium-browser: Heap buffer overflow in WebRTC
1608181 - CVE-2018-6157 chromium-browser: Type confusion in WebRTC
1608182 - CVE-2018-6158 chromium-browser: Use after free in Blink
1608183 - CVE-2018-6159 chromium-browser: Same origin policy bypass in ServiceWorker
1608185 - CVE-2018-6161 chromium-browser: Same origin policy bypass in WebAudio
1608186 - CVE-2018-6162 chromium-browser: Heap buffer overflow in WebGL
1608187 - CVE-2018-6163 chromium-browser: URL spoof in Omnibox
1608188 - CVE-2018-6164 chromium-browser: Same origin policy bypass in ServiceWorker
1608189 - CVE-2018-6165 chromium-browser: URL spoof in Omnibox
1608190 - CVE-2018-6166 chromium-browser: URL spoof in Omnibox
1608191 - CVE-2018-6167 chromium-browser: URL spoof in Omnibox
1608192 - CVE-2018-6168 chromium-browser: CORS bypass in Blink
1608193 - CVE-2018-6169 chromium-browser: Permissions bypass in extension installation
1608194 - CVE-2018-6170 chromium-browser: Type confusion in PDFium
1608195 - CVE-2018-6171 chromium-browser: Use after free in WebBluetooth
1608196 - CVE-2018-6172 chromium-browser: URL spoof in Omnibox
1608197 - CVE-2018-6173 chromium-browser: URL spoof in Omnibox
1608198 - CVE-2018-6174 chromium-browser: Integer overflow in SwiftShader
1608199 - CVE-2018-6175 chromium-browser: URL spoof in Omnibox
1608200 - CVE-2018-6176 chromium-browser: Local user privilege escalation in Extensions
1608201 - CVE-2018-6177 chromium-browser: Cross origin information leak in Blink
1608202 - CVE-2018-6178 chromium-browser: UI spoof in Extensions
1608203 - CVE-2018-6179 chromium-browser: Local file information leak in Extensions
1608204 - CVE-2018-6044 chromium-browser: Request privilege escalation in Extensions
1608205 - CVE-2018-4117 chromium-browser: Cross origin information leak in Blink
1608206 - CVE-2018-6150 chromium-browser: Cross origin information disclosure in Service Workers1608207 - CVE-2018-6151 chromium-browser: Bad cast in DevTools
1608208 - CVE-2018-6152 chromium-browser: Local file write in DevTools