-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2068
                     chromium-browser security update
                               16 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6496 CVE-2020-6495 CVE-2020-6494
                   CVE-2020-6493 CVE-2020-6491 CVE-2020-6490
                   CVE-2020-6489 CVE-2020-6488 CVE-2020-6487
                   CVE-2020-6486 CVE-2020-6485 CVE-2020-6484
                   CVE-2020-6483 CVE-2020-6482 CVE-2020-6481
                   CVE-2020-6480 CVE-2020-6479 CVE-2020-6478
                   CVE-2020-6476 CVE-2020-6475 CVE-2020-6474
                   CVE-2020-6473 CVE-2020-6472 CVE-2020-6471
                   CVE-2020-6470 CVE-2020-6469 CVE-2020-6468
                   CVE-2020-6467 CVE-2020-6466 CVE-2020-6465

Reference:         ASB-2020.0106
                   ASB-2020.0105

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:2544

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2020:2544-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2544
Issue date:        2020-06-15
CVE Names:         CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 
                   CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 
                   CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 
                   CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 
                   CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 
                   CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 
                   CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 
                   CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 
                   CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 
                   CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 83.0.4103.97.

Security Fix(es):

* chromium-browser: Use after free in reader mode (CVE-2020-6465)

* chromium-browser: Use after free in media (CVE-2020-6466)

* chromium-browser: Use after free in WebRTC (CVE-2020-6467)

* chromium-browser: Type Confusion in V8 (CVE-2020-6468)

* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6469)

* chromium-browser: Use after free in WebAuthentication (CVE-2020-6493)

* chromium-browser: Incorrect security UI in payments (CVE-2020-6494)

* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6495)

* chromium-browser: Use after free in payments (CVE-2020-6496)

* chromium-browser: Insufficient validation of untrusted input in clipboard
(CVE-2020-6470)

* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6471)

* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6472)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6473)

* chromium-browser: Use after free in Blink (CVE-2020-6474)

* chromium-browser: Incorrect security UI in full screen (CVE-2020-6475)

* chromium-browser: Insufficient policy enforcement in tab strip
(CVE-2020-6476)

* chromium-browser: Inappropriate implementation in full screen
(CVE-2020-6478)

* chromium-browser: Inappropriate implementation in sharing (CVE-2020-6479)

* chromium-browser: Insufficient policy enforcement in enterprise
(CVE-2020-6480)

* chromium-browser: Insufficient policy enforcement in URL formatting
(CVE-2020-6481)

* chromium-browser: Insufficient policy enforcement in developer tools
(CVE-2020-6482)

* chromium-browser: Insufficient policy enforcement in payments
(CVE-2020-6483)

* chromium-browser: Insufficient data validation in ChromeDriver
(CVE-2020-6484)

* chromium-browser: Insufficient data validation in media router
(CVE-2020-6485)

* chromium-browser: Insufficient policy enforcement in navigations
(CVE-2020-6486)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6487)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6488)

* chromium-browser: Inappropriate implementation in developer tools
(CVE-2020-6489)

* chromium-browser: Insufficient data validation in loader (CVE-2020-6490)

* chromium-browser: Incorrect security UI in site information
(CVE-2020-6491)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.
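
An added check for the step above (not part of the Red Hat advisory or the AusCERT bulletin): it reports whether a host has the fixed chromium-browser build from the Package List and whether a Chromium process started before the update is still running. The function names, the status words and the "chromium-browser" process match are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Red Hat's or AusCERT's code.
FIXED_EVR="83.0.4103.97-1.el6_10"   # version-release from the Package List

# evr_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# GNU `sort -V` stands in for rpm's own comparison; it orders dotted numeric
# versions correctly (97 before 106), which a plain string sort does not.
evr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify EVR INSTALL_EPOCH OLDEST_PROC_EPOCH: prints one status word.
classify() {
    local evr=$1 installed_at=$2 oldest_proc=$3
    if [ -z "$evr" ]; then
        echo not-installed
    elif ! evr_at_least "$evr" "$FIXED_EVR"; then
        echo vulnerable
    elif [ -n "$oldest_proc" ] && [ "$oldest_proc" -lt "$installed_at" ]; then
        echo restart-needed   # a process from before the update is still running
    else
        echo patched
    fi
}

# check_host: gather the three inputs from this machine and classify them.
check_host() {
    local evr installed_at=0 pid oldest=""
    if evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' chromium-browser 2>/dev/null); then
        installed_at=$(rpm -q --qf '%{INSTALLTIME}' chromium-browser)
    else
        evr=""   # rpm prints a "not installed" message on failure; discard it
    fi
    # Assumption: Chromium processes carry "chromium-browser" in their command line.
    pid=$(pgrep -o -f chromium-browser 2>/dev/null) || pid=""
    if [ -n "$pid" ]; then
        oldest=$(date -d "$(ps -o lstart= -p "$pid")" +%s)
    fi
    classify "$evr" "$installed_at" "$oldest"
}

# Run the host check only where rpm exists.
if command -v rpm >/dev/null 2>&1; then
    check_host
fi
```
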

5. Bugs fixed (https://bugzilla.redhat.com/):

1837877 - CVE-2020-6465 chromium-browser: Use after free in reader mode
1837878 - CVE-2020-6466 chromium-browser: Use after free in media
1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
1837882 - CVE-2020-6470 chromium-browser: Insufficient validation of untrusted input in clipboard
1837883 - CVE-2020-6471 chromium-browser: Insufficient policy enforcement in developer tools
1837884 - CVE-2020-6472 chromium-browser: Insufficient policy enforcement in developer tools
1837885 - CVE-2020-6473 chromium-browser: Insufficient policy enforcement in Blink
1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI in full screen
1837889 - CVE-2020-6478 chromium-browser: Inappropriate implementation in full screen
1837890 - CVE-2020-6480 chromium-browser: Insufficient policy enforcement in enterprise
1837891 - CVE-2020-6481 chromium-browser: Insufficient policy enforcement in URL formatting
1837892 - CVE-2020-6482 chromium-browser: Insufficient policy enforcement in developer tools
1837893 - CVE-2020-6483 chromium-browser: Insufficient policy enforcement in payments
1837894 - CVE-2020-6484 chromium-browser: Insufficient data validation in ChromeDriver
1837896 - CVE-2020-6485 chromium-browser: Insufficient data validation in media router
1837897 - CVE-2020-6486 chromium-browser: Insufficient policy enforcement in navigations
1837898 - CVE-2020-6487 chromium-browser: Insufficient policy enforcement in downloads
1837899 - CVE-2020-6488 chromium-browser: Insufficient policy enforcement in downloads
1837900 - CVE-2020-6489 chromium-browser: Inappropriate implementation in developer tools
1837901 - CVE-2020-6490 chromium-browser: Insufficient data validation in loader
1837902 - CVE-2020-6491 chromium-browser: Incorrect security UI in site information
1837907 - CVE-2020-6469 chromium-browser: Insufficient policy enforcement in developer tools
1837912 - CVE-2020-6476 chromium-browser: Insufficient policy enforcement in tab strip
1837927 - CVE-2020-6479 chromium-browser: Inappropriate implementation in sharing
1844554 - CVE-2020-6493 chromium-browser: Use after free in WebAuthentication
1844555 - CVE-2020-6494 chromium-browser: Incorrect security UI in payments
1844556 - CVE-2020-6495 chromium-browser: Insufficient policy enforcement in developer tools
1844557 - CVE-2020-6496 chromium-browser: Use after free in payments

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

i686:
chromium-browser-83.0.4103.97-1.el6_10.i686.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.i686.rpm

x86_64:
chromium-browser-83.0.4103.97-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-83.0.4103.97-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-6465
https://access.redhat.com/security/cve/CVE-2020-6466
https://access.redhat.com/security/cve/CVE-2020-6467
https://access.redhat.com/security/cve/CVE-2020-6468
https://access.redhat.com/security/cve/CVE-2020-6469
https://access.redhat.com/security/cve/CVE-2020-6470
https://access.redhat.com/security/cve/CVE-2020-6471
https://access.redhat.com/security/cve/CVE-2020-6472
https://access.redhat.com/security/cve/CVE-2020-6473
https://access.redhat.com/security/cve/CVE-2020-6474
https://access.redhat.com/security/cve/CVE-2020-6475
https://access.redhat.com/security/cve/CVE-2020-6476
https://access.redhat.com/security/cve/CVE-2020-6478
https://access.redhat.com/security/cve/CVE-2020-6479
https://access.redhat.com/security/cve/CVE-2020-6480
https://access.redhat.com/security/cve/CVE-2020-6481
https://access.redhat.com/security/cve/CVE-2020-6482
https://access.redhat.com/security/cve/CVE-2020-6483
https://access.redhat.com/security/cve/CVE-2020-6484
https://access.redhat.com/security/cve/CVE-2020-6485
https://access.redhat.com/security/cve/CVE-2020-6486
https://access.redhat.com/security/cve/CVE-2020-6487
https://access.redhat.com/security/cve/CVE-2020-6488
https://access.redhat.com/security/cve/CVE-2020-6489
https://access.redhat.com/security/cve/CVE-2020-6490
https://access.redhat.com/security/cve/CVE-2020-6491
https://access.redhat.com/security/cve/CVE-2020-6493
https://access.redhat.com/security/cve/CVE-2020-6494
https://access.redhat.com/security/cve/CVE-2020-6495
https://access.redhat.com/security/cve/CVE-2020-6496
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----