===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2743
                      chromium-browser security update
                               11 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6541 CVE-2020-6540 CVE-2020-6539 CVE-2020-6538
                   CVE-2020-6537 CVE-2020-6536 CVE-2020-6535 CVE-2020-6534
                   CVE-2020-6533 CVE-2020-6532 CVE-2020-6531 CVE-2020-6530
                   CVE-2020-6529 CVE-2020-6528 CVE-2020-6527 CVE-2020-6526
                   CVE-2020-6525 CVE-2020-6524 CVE-2020-6523 CVE-2020-6522
                   CVE-2020-6521 CVE-2020-6520 CVE-2020-6519 CVE-2020-6518
                   CVE-2020-6517 CVE-2020-6516 CVE-2020-6515 CVE-2020-6514
                   CVE-2020-6513 CVE-2020-6512 CVE-2020-6511 CVE-2020-6510
Reference:         ESB-2020.2605

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:3377

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2020:3377-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3377
Issue date:        2020-08-10
CVE Names:         CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513
                   CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517
                   CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521
                   CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525
                   CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529
                   CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533
                   CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537
                   CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 84.0.4147.105.

Security Fix(es):

* chromium-browser: Heap buffer overflow in background fetch (CVE-2020-6510)
* chromium-browser: Side-channel information leakage in content security policy (CVE-2020-6511)
* chromium-browser: Type Confusion in V8 (CVE-2020-6512)
* chromium-browser: Heap buffer overflow in PDFium (CVE-2020-6513)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* chromium-browser: Use after free in tab strip (CVE-2020-6515)
* chromium-browser: Policy bypass in CORS (CVE-2020-6516)
* chromium-browser: Heap buffer overflow in history (CVE-2020-6517)
* chromium-browser: Use after free in SCTP (CVE-2020-6532)
* chromium-browser: Type Confusion in V8 (CVE-2020-6537)
* chromium-browser: Inappropriate implementation in WebView (CVE-2020-6538)
* chromium-browser: Use after free in CSS (CVE-2020-6539)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6540)
* chromium-browser: Use after free in WebUSB (CVE-2020-6541)
* chromium-browser: Use after free in developer tools (CVE-2020-6518)
* chromium-browser: Policy bypass in CSP (CVE-2020-6519)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6520)
* chromium-browser: Side-channel information leakage in autofill (CVE-2020-6521)
* chromium-browser: Inappropriate implementation in external protocol handlers (CVE-2020-6522)
* chromium-browser: Out of bounds write in Skia (CVE-2020-6523)
* chromium-browser: Heap buffer overflow in WebAudio (CVE-2020-6524)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6525)
* chromium-browser: Inappropriate implementation in iframe sandbox (CVE-2020-6526)
* chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6527)
* chromium-browser: Incorrect security UI in basic auth (CVE-2020-6528)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6529)
* chromium-browser: Out of bounds memory access in developer tools (CVE-2020-6530)
* chromium-browser: Side-channel information leakage in scroll to text (CVE-2020-6531)
* chromium-browser: Type Confusion in V8 (CVE-2020-6533)
* chromium-browser: Heap buffer overflow in WebRTC (CVE-2020-6534)
* chromium-browser: Insufficient data validation in WebUI (CVE-2020-6535)
* chromium-browser: Incorrect security UI in PWAs (CVE-2020-6536)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described
in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1857320 - CVE-2020-6511 chromium-browser: Side-channel information leakage in content security policy
1857321 - CVE-2020-6512 chromium-browser: Type Confusion in V8
1857322 - CVE-2020-6513 chromium-browser: Heap buffer overflow in PDFium
1857323 - CVE-2020-6515 chromium-browser: Use after free in tab strip
1857324 - CVE-2020-6516 chromium-browser: Policy bypass in CORS
1857325 - CVE-2020-6518 chromium-browser: Use after free in developer tools
1857326 - CVE-2020-6519 chromium-browser: Policy bypass in CSP
1857327 - CVE-2020-6520 chromium-browser: Heap buffer overflow in Skia
1857328 - CVE-2020-6521 chromium-browser: Side-channel information leakage in autofill
1857329 - CVE-2020-6523 chromium-browser: Out of bounds write in Skia
1857330 - CVE-2020-6524 chromium-browser: Heap buffer overflow in WebAudio
1857331 - CVE-2020-6525 chromium-browser: Heap buffer overflow in Skia
1857332 - CVE-2020-6526 chromium-browser: Inappropriate implementation in iframe sandbox
1857333 - CVE-2020-6527 chromium-browser: Insufficient policy enforcement in CSP
1857334 - CVE-2020-6528 chromium-browser: Incorrect security UI in basic auth
1857336 - CVE-2020-6529 chromium-browser: Inappropriate implementation in WebRTC
1857337 - CVE-2020-6530 chromium-browser: Out of bounds memory access in developer tools
1857338 - CVE-2020-6531 chromium-browser: Side-channel information leakage in scroll to text
1857339 - CVE-2020-6533 chromium-browser: Type Confusion in V8
1857340 - CVE-2020-6534 chromium-browser: Heap buffer overflow in WebRTC
1857341 - CVE-2020-6535 chromium-browser: Insufficient data validation in WebUI
1857342 - CVE-2020-6536 chromium-browser: Incorrect security UI in PWAs
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1857351 - CVE-2020-6517 chromium-browser: Heap buffer overflow in history
1857352 - CVE-2020-6522 chromium-browser: Inappropriate implementation in external protocol handlers
1857400 - CVE-2020-6510 chromium-browser: Heap buffer overflow in background fetch
1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8
1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView
1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP
1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS
1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia
1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-6510
https://access.redhat.com/security/cve/CVE-2020-6511
https://access.redhat.com/security/cve/CVE-2020-6512
https://access.redhat.com/security/cve/CVE-2020-6513
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-6515
https://access.redhat.com/security/cve/CVE-2020-6516
https://access.redhat.com/security/cve/CVE-2020-6517
https://access.redhat.com/security/cve/CVE-2020-6518
https://access.redhat.com/security/cve/CVE-2020-6519
https://access.redhat.com/security/cve/CVE-2020-6520
https://access.redhat.com/security/cve/CVE-2020-6521
https://access.redhat.com/security/cve/CVE-2020-6522
https://access.redhat.com/security/cve/CVE-2020-6523
https://access.redhat.com/security/cve/CVE-2020-6524
https://access.redhat.com/security/cve/CVE-2020-6525
https://access.redhat.com/security/cve/CVE-2020-6526
https://access.redhat.com/security/cve/CVE-2020-6527
https://access.redhat.com/security/cve/CVE-2020-6528
https://access.redhat.com/security/cve/CVE-2020-6529
https://access.redhat.com/security/cve/CVE-2020-6530
https://access.redhat.com/security/cve/CVE-2020-6531
https://access.redhat.com/security/cve/CVE-2020-6532
https://access.redhat.com/security/cve/CVE-2020-6533
https://access.redhat.com/security/cve/CVE-2020-6534
https://access.redhat.com/security/cve/CVE-2020-6535
https://access.redhat.com/security/cve/CVE-2020-6536
https://access.redhat.com/security/cve/CVE-2020-6537
https://access.redhat.com/security/cve/CVE-2020-6538
https://access.redhat.com/security/cve/CVE-2020-6539
https://access.redhat.com/security/cve/CVE-2020-6540
https://access.redhat.com/security/cve/CVE-2020-6541
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
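A compliance check for the fixed build named in section 6 of the Red Hat advisory above, added here as an example and not part of the AusCERT or Red Hat bulletin: it decides whether an installed chromium-browser package (in the name-version-release.arch form `rpm -q` prints) is at or above 84.0.4147.105-2.el6_10. It assumes epoch 0 (the package list shows none) and uses a simplified rpmvercmp without tilde/caret handling; `check_local_rpmdb` is an assumed helper that runs the real `rpm -q` where one exists.

```python
import re
import subprocess

# Fixed build from section 6 of the advisory above; the package list shows no
# epoch, so epoch 0 is assumed on both sides (an assumption, not advisory text).
FIXED_NAME = "chromium-browser"
FIXED_VERSION = "84.0.4147.105"
FIXED_RELEASE = "2.el6_10"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no tilde/caret): digit runs compare numerically,
    alpha runs lexically, and a digit run sorts after an alpha run. -1/0/1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra):
    """Split 'name-version-release.arch', the form printed by `rpm -q`."""
    rest, arch = nvra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch

def is_fixed(nvra):
    """True if this installed build is at or above the advisory's fixed NVR."""
    name, version, release, _arch = parse_nvra(nvra)
    if name != FIXED_NAME:
        raise ValueError("not a %s package: %s" % (FIXED_NAME, nvra))
    order = rpmvercmp(version, FIXED_VERSION)
    if order == 0:
        order = rpmvercmp(release, FIXED_RELEASE)
    return order >= 0

def check_local_rpmdb():
    """Assumed helper: query the local RPM database and return (nvra, fixed)
    pairs, or None if rpm is missing or chromium-browser is not installed."""
    try:
        out = subprocess.run(["rpm", "-q", FIXED_NAME], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return None if out.returncode else [(l, is_fixed(l)) for l in out.stdout.split()]
```

Package signatures are a separate check; `rpm -K` against the Red Hat key linked in section 6 covers that before installation.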