-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2019:3211-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3211
Issue date:        2019-10-29
CVE Names:         CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 
                   CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 
                   CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 
                   CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 
                   CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 
                   CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 
                   CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 
                   CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 
                   CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 
                   CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 
                   CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 
                   CVE-2019-13682 CVE-2019-13686 CVE-2019-13688 
                   CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 
                   CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 
                   CVE-2019-13697 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 77.0.3865.120.

Security Fix(es):

* chromium-browser: Use-after-free in media (CVE-2019-5870)

* chromium-browser: Heap overflow in Skia (CVE-2019-5871)

* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)

* chromium-browser: External URIs may trigger other browsers
(CVE-2019-5874)

* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)

* chromium-browser: Use-after-free in media (CVE-2019-5876)

* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)

* chromium-browser: Use-after-free in V8 (CVE-2019-5878)

* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)

* chromium-browser: Use-after-free in media (CVE-2019-13688)

* chromium-browser: Omnibox spoof (CVE-2019-13691)

* chromium-browser: SOP bypass (CVE-2019-13692)

* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)

* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)

* chromium-browser: Use-after-free in audio (CVE-2019-13695)

* chromium-browser: Use-after-free in V8 (CVE-2019-13696)

* chromium-browser: Cross-origin size leak (CVE-2019-13697)

* chromium-browser: Extensions can read some local files (CVE-2019-5879)

* chromium-browser: SameSite cookie bypass (CVE-2019-5880)

* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)

* chromium-browser: URL spoof (CVE-2019-13659)

* chromium-browser: Full screen notification overlap (CVE-2019-13660)

* chromium-browser: Full screen notification spoof (CVE-2019-13661)

* chromium-browser: CSP bypass (CVE-2019-13662)

* chromium-browser: IDN spoof (CVE-2019-13663)

* chromium-browser: CSRF bypass (CVE-2019-13664)

* chromium-browser: Multiple file download protection bypass
(CVE-2019-13665)

* chromium-browser: Side channel using storage size estimate
(CVE-2019-13666)

* chromium-browser: URI bar spoof when using external app URIs
(CVE-2019-13667)

* chromium-browser: Global window leak via console (CVE-2019-13668)

* chromium-browser: HTTP authentication spoof (CVE-2019-13669)

* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)

* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)

* chromium-browser: Cross-origin information leak using devtools
(CVE-2019-13673)

* chromium-browser: IDN spoofing (CVE-2019-13674)

* chromium-browser: Extensions can be disabled by trailing slash
(CVE-2019-13675)

* chromium-browser: Google URI shown for certificate warning
(CVE-2019-13676)

* chromium-browser: Chrome web store origin needs to be isolated
(CVE-2019-13677)

* chromium-browser: Download dialog spoofing (CVE-2019-13678)

* chromium-browser: User gesture needed for printing (CVE-2019-13679)

* chromium-browser: IP address spoofing to servers (CVE-2019-13680)

* chromium-browser: Bypass on download restrictions (CVE-2019-13681)

* chromium-browser: Site isolation bypass (CVE-2019-13682)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media
1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia
1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo
1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers
1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect
1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof
1762373 - CVE-2019-13692 chromium-browser: SOP bypass
1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media
1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8
1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8
1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files
1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass
1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader
1762380 - CVE-2019-13659 chromium-browser: URL spoof
1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap
1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof
1762383 - CVE-2019-13662 chromium-browser: CSP bypass
1762384 - CVE-2019-13663 chromium-browser: IDN spoof
1762385 - CVE-2019-13664 chromium-browser: CSRF bypass
1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass
1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate
1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs
1762389 - CVE-2019-13668 chromium-browser: Global window leak via console
1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof
1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex
1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin
1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools
1762394 - CVE-2019-13674 chromium-browser: IDN spoofing
1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash
1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning
1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated
1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing
1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing
1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers
1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions
1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass
1762474 - CVE-2019-13688 chromium-browser: Use-after-free in media
1762476 - CVE-2019-13686 chromium-browser: Use-after-free in offline pages
1762518 - CVE-2019-13693 chromium-browser: Use-after-free in IndexedDB
1762519 - CVE-2019-13694 chromium-browser: Use-after-free in WebRTC
1762520 - CVE-2019-13695 chromium-browser: Use-after-free in audio
1762521 - CVE-2019-13696 chromium-browser: Use-after-free in V8
1762522 - CVE-2019-13697 chromium-browser: Cross-origin size leak

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

i686:
chromium-browser-77.0.3865.120-2.el6_10.i686.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm

x86_64:
chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5870
https://access.redhat.com/security/cve/CVE-2019-5871
https://access.redhat.com/security/cve/CVE-2019-5872
https://access.redhat.com/security/cve/CVE-2019-5874
https://access.redhat.com/security/cve/CVE-2019-5875
https://access.redhat.com/security/cve/CVE-2019-5876
https://access.redhat.com/security/cve/CVE-2019-5877
https://access.redhat.com/security/cve/CVE-2019-5878
https://access.redhat.com/security/cve/CVE-2019-5879
https://access.redhat.com/security/cve/CVE-2019-5880
https://access.redhat.com/security/cve/CVE-2019-5881
https://access.redhat.com/security/cve/CVE-2019-13659
https://access.redhat.com/security/cve/CVE-2019-13660
https://access.redhat.com/security/cve/CVE-2019-13661
https://access.redhat.com/security/cve/CVE-2019-13662
https://access.redhat.com/security/cve/CVE-2019-13663
https://access.redhat.com/security/cve/CVE-2019-13664
https://access.redhat.com/security/cve/CVE-2019-13665
https://access.redhat.com/security/cve/CVE-2019-13666
https://access.redhat.com/security/cve/CVE-2019-13667
https://access.redhat.com/security/cve/CVE-2019-13668
https://access.redhat.com/security/cve/CVE-2019-13669
https://access.redhat.com/security/cve/CVE-2019-13670
https://access.redhat.com/security/cve/CVE-2019-13671
https://access.redhat.com/security/cve/CVE-2019-13673
https://access.redhat.com/security/cve/CVE-2019-13674
https://access.redhat.com/security/cve/CVE-2019-13675
https://access.redhat.com/security/cve/CVE-2019-13676
https://access.redhat.com/security/cve/CVE-2019-13677
https://access.redhat.com/security/cve/CVE-2019-13678
https://access.redhat.com/security/cve/CVE-2019-13679
https://access.redhat.com/security/cve/CVE-2019-13680
https://access.redhat.com/security/cve/CVE-2019-13681
https://access.redhat.com/security/cve/CVE-2019-13682
https://access.redhat.com/security/cve/CVE-2019-13686
https://access.redhat.com/security/cve/CVE-2019-13688
https://access.redhat.com/security/cve/CVE-2019-13691
https://access.redhat.com/security/cve/CVE-2019-13692
https://access.redhat.com/security/cve/CVE-2019-13693
https://access.redhat.com/security/cve/CVE-2019-13694
https://access.redhat.com/security/cve/CVE-2019-13695
https://access.redhat.com/security/cve/CVE-2019-13696
https://access.redhat.com/security/cve/CVE-2019-13697
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXbgGY9zjgjWX9erEAQj5wRAAm+j/C5YBPVUg7udi96drwCfuSa6gmk9L
NtbMW6kPN9zgCKb/hvB/jIzbn7OKUKUOvNc0oChsn2ZBUYoD807RWOs/yhAMw7qV
p/9uNGAgSmX77rcvWF0IGSG5xcwoVpPcN18ZFRtz6c3QrRo24wSOygDZVuXFjZ2Y
fBcwqtVDiwhCj2m64q9DXXdS0+Xf7h79xZYoBZHboHS5l/XupFL/E7VLp92uW/uX
mxgaLFi+BWau1aMXxxyzDn/yWD19ImAZ+i3e8tsDVyMJqZspkIlb6Gvskp7vLyqw
TtSxWUnopoR3LE5oEeBhnQoV6Pzuu5FFq+iQ/ZxM4vcKelUtNi/A6x/EQYsqRZ7v
p002vFgQweppzKdZqybAzRLuPeWWuoCDqOoCWJHGtce2CHi+MIX0P9PYkBZHmdI8
AI2L4CvH5xLwrZvQfNR/JwEr2TiC6WNkV96vGJcS10V7qPezRJWBTS6W/R26D9Wo
IkjP6XWxBUti9wUZ5Ij4ozb/RPaRuAGjYl3Y56M2X0vcCqaRb76/3J3BsJi9xhe0
InutsymfIQRhRoHNQWApvhNqu0pvPjpoArtssjvanKP1U92+jEp5SO3VoRHKm3Bk
231kkQHF2G5wfIQoyaivZO6dWW0eelJyHKennFIG9kbTYdtq1DkqxwJElRqLEmEP
eDhYjjUM1yo=
=/Xwd
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce