RHSA-2019:3211-01 -- Redhat chromium-browser, chromium-browser-debuginfo
ID: oval:org.secpod.oval:def:505513 | Date: (C)2020-12-31 (M)2024-02-19 |
Class: PATCH | Family: unix |
Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120.

Security Fix:
* chromium-browser: Use-after-free in media
* chromium-browser: Heap overflow in Skia
* chromium-browser: Use-after-free in Mojo
* chromium-browser: External URIs may trigger other browsers
* chromium-browser: URL bar spoof via download redirect
* chromium-browser: Use-after-free in media
* chromium-browser: Out-of-bounds access in V8
* chromium-browser: Use-after-free in V8
* chromium-browser: Use-after-free in offline pages
* chromium-browser: Use-after-free in media
* chromium-browser: Omnibox spoof
* chromium-browser: SOP bypass
* chromium-browser: Use-after-free in IndexedDB
* chromium-browser: Use-after-free in WebRTC
* chromium-browser: Use-after-free in audio
* chromium-browser: Use-after-free in V8
* chromium-browser: Cross-origin size leak
* chromium-browser: Extensions can read some local files
* chromium-browser: SameSite cookie bypass
* chromium-browser: Arbitrary read in SwiftShader
* chromium-browser: URL spoof
* chromium-browser: Full screen notification overlap
* chromium-browser: Full screen notification spoof
* chromium-browser: CSP bypass
* chromium-browser: IDN spoof
* chromium-browser: CSRF bypass
* chromium-browser: Multiple file download protection bypass
* chromium-browser: Side channel using storage size estimate
* chromium-browser: URI bar spoof when using external app URIs
* chromium-browser: Global window leak via console
* chromium-browser: HTTP authentication spoof
* chromium-browser: V8 memory corruption in regex
* chromium-browser: Dialog box fails to show origin
* chromium-browser: Cross-origin information leak using devtools
* chromium-browser: IDN spoofing
* chromium-browser: Extensions can be disabled by trailing slash
* chromium-browser: Google URI shown for certificate warning
* chromium-browser: Chrome web store origin needs to be isolated
* chromium-browser: Download dialog spoofing
* chromium-browser: User gesture needed for printing
* chromium-browser: IP address spoofing to servers
* chromium-browser: Bypass on download restrictions
* chromium-browser: Site isolation bypass

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: Red Hat Enterprise Linux 6 |
Product: chromium-browser, chromium-browser-debuginfo |