=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2020:3377-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3377
Issue date:        2020-08-10
CVE Names:         CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513
                   CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517
                   CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521
                   CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525
                   CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529
                   CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533
                   CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537
                   CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 84.0.4147.105.

Security Fix(es):

* chromium-browser: Heap buffer overflow in background fetch (CVE-2020-6510)
* chromium-browser: Side-channel information leakage in content security policy (CVE-2020-6511)
* chromium-browser: Type Confusion in V8 (CVE-2020-6512)
* chromium-browser: Heap buffer overflow in PDFium (CVE-2020-6513)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* chromium-browser: Use after free in tab strip (CVE-2020-6515)
* chromium-browser: Policy bypass in CORS (CVE-2020-6516)
* chromium-browser: Heap buffer overflow in history (CVE-2020-6517)
* chromium-browser: Use after free in SCTP (CVE-2020-6532)
* chromium-browser: Type Confusion in V8 (CVE-2020-6537)
* chromium-browser: Inappropriate implementation in WebView (CVE-2020-6538)
* chromium-browser: Use after free in CSS (CVE-2020-6539)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6540)
* chromium-browser: Use after free in WebUSB (CVE-2020-6541)
* chromium-browser: Use after free in developer tools (CVE-2020-6518)
* chromium-browser: Policy bypass in CSP (CVE-2020-6519)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6520)
* chromium-browser: Side-channel information leakage in autofill (CVE-2020-6521)
* chromium-browser: Inappropriate implementation in external protocol handlers (CVE-2020-6522)
* chromium-browser: Out of bounds write in Skia (CVE-2020-6523)
* chromium-browser: Heap buffer overflow in WebAudio (CVE-2020-6524)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6525)
* chromium-browser: Inappropriate implementation in iframe sandbox (CVE-2020-6526)
* chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6527)
* chromium-browser: Incorrect security UI in basic auth (CVE-2020-6528)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6529)
* chromium-browser: Out of bounds memory access in developer tools (CVE-2020-6530)
* chromium-browser: Side-channel information leakage in scroll to text (CVE-2020-6531)
* chromium-browser: Type Confusion in V8 (CVE-2020-6533)
* chromium-browser: Heap buffer overflow in WebRTC (CVE-2020-6534)
* chromium-browser: Insufficient data validation in WebUI (CVE-2020-6535)
* chromium-browser: Incorrect security UI in PWAs (CVE-2020-6536)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1857320 - CVE-2020-6511 chromium-browser: Side-channel information leakage in content security policy
1857321 - CVE-2020-6512 chromium-browser: Type Confusion in V8
1857322 - CVE-2020-6513 chromium-browser: Heap buffer overflow in PDFium
1857323 - CVE-2020-6515 chromium-browser: Use after free in tab strip
1857324 - CVE-2020-6516 chromium-browser: Policy bypass in CORS
1857325 - CVE-2020-6518 chromium-browser: Use after free in developer tools
1857326 - CVE-2020-6519 chromium-browser: Policy bypass in CSP
1857327 - CVE-2020-6520 chromium-browser: Heap buffer overflow in Skia
1857328 - CVE-2020-6521 chromium-browser: Side-channel information leakage in autofill
1857329 - CVE-2020-6523 chromium-browser: Out of bounds write in Skia
1857330 - CVE-2020-6524 chromium-browser: Heap buffer overflow in WebAudio
1857331 - CVE-2020-6525 chromium-browser: Heap buffer overflow in Skia
1857332 - CVE-2020-6526 chromium-browser: Inappropriate implementation in iframe sandbox
1857333 - CVE-2020-6527 chromium-browser: Insufficient policy enforcement in CSP
1857334 - CVE-2020-6528 chromium-browser: Incorrect security UI in basic auth
1857336 - CVE-2020-6529 chromium-browser: Inappropriate implementation in WebRTC
1857337 - CVE-2020-6530 chromium-browser: Out of bounds memory access in developer tools
1857338 - CVE-2020-6531 chromium-browser: Side-channel information leakage in scroll to text
1857339 - CVE-2020-6533 chromium-browser: Type Confusion in V8
1857340 - CVE-2020-6534 chromium-browser: Heap buffer overflow in WebRTC
1857341 - CVE-2020-6535 chromium-browser: Insufficient data validation in WebUI
1857342 - CVE-2020-6536 chromium-browser: Incorrect security UI in PWAs
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1857351 - CVE-2020-6517 chromium-browser: Heap buffer overflow in history
1857352 - CVE-2020-6522 chromium-browser: Inappropriate implementation in external protocol handlers
1857400 - CVE-2020-6510 chromium-browser: Heap buffer overflow in background fetch
1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8
1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView
1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP
1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS
1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia
1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm

x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-6510
https://access.redhat.com/security/cve/CVE-2020-6511
https://access.redhat.com/security/cve/CVE-2020-6512
https://access.redhat.com/security/cve/CVE-2020-6513
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-6515
https://access.redhat.com/security/cve/CVE-2020-6516
https://access.redhat.com/security/cve/CVE-2020-6517
https://access.redhat.com/security/cve/CVE-2020-6518
https://access.redhat.com/security/cve/CVE-2020-6519
https://access.redhat.com/security/cve/CVE-2020-6520
https://access.redhat.com/security/cve/CVE-2020-6521
https://access.redhat.com/security/cve/CVE-2020-6522
https://access.redhat.com/security/cve/CVE-2020-6523
https://access.redhat.com/security/cve/CVE-2020-6524
https://access.redhat.com/security/cve/CVE-2020-6525
https://access.redhat.com/security/cve/CVE-2020-6526
https://access.redhat.com/security/cve/CVE-2020-6527
https://access.redhat.com/security/cve/CVE-2020-6528
https://access.redhat.com/security/cve/CVE-2020-6529
https://access.redhat.com/security/cve/CVE-2020-6530
https://access.redhat.com/security/cve/CVE-2020-6531
https://access.redhat.com/security/cve/CVE-2020-6532
https://access.redhat.com/security/cve/CVE-2020-6533
https://access.redhat.com/security/cve/CVE-2020-6534
https://access.redhat.com/security/cve/CVE-2020-6535
https://access.redhat.com/security/cve/CVE-2020-6536
https://access.redhat.com/security/cve/CVE-2020-6537
https://access.redhat.com/security/cve/CVE-2020-6538
https://access.redhat.com/security/cve/CVE-2020-6539
https://access.redhat.com/security/cve/CVE-2020-6540
https://access.redhat.com/security/cve/CVE-2020-6541
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
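Added example, not part of the advisory or of Red Hat's tooling: a Python check that compares the chromium-browser NVR reported by `rpm -q` on a host against the fixed NVR from section 6 (84.0.4147.105-2.el6_10), reimplementing rpm's version-ordering rules rather than calling rpm itself; epoch and the `^` separator are not handled, and the sample `rpm -q` lines are constructed.

```python
import re

# Fixed package NVR from section 6 of RHSA-2020:3377 (arch stripped).
FIXED_NVR = "chromium-browser-84.0.4147.105-2.el6_10"
# Constructed `rpm -q chromium-browser` output from three hosts (not real data).
SAMPLE_RPM_Q = [
    "chromium-browser-83.0.4103.116-1.el6_10.x86_64",   # pre-advisory build
    "chromium-browser-84.0.4147.105-2.el6_10.i686",     # exactly the fixed build
    "chromium-browser-84.0.4147.105-10.el6_10.x86_64",  # later rebuild
]
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")  # the segments rpm compares one by one

def rpmvercmp(a: str, b: str) -> int:
    """rpm's version/release ordering, reimplemented ('^' and epoch not handled)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if "~" in (x, y):               # '~' sorts before anything else
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():  # a numeric segment beats an alpha one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")  # numeric: the longer run is larger
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:                      # equal-length digits, or alpha: plain strcmp
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    # Leftover segments make that side newer, unless they start with '~'.
    rest = (sa if len(sa) > len(sb) else sb)[min(len(sa), len(sb))]
    return (1 if len(sa) > len(sb) else -1) * (-1 if rest == "~" else 1)

def parse_nvr(pkg: str) -> tuple:
    """Split 'name-version-release[.arch]' into (name, version, release)."""
    pkg = re.sub(r"\.(i386|i686|x86_64|noarch)$", "", pkg)  # drop a trailing arch
    name_ver, _, release = pkg.rpartition("-")
    name, _, version = name_ver.rpartition("-")
    return name, version, release

def is_patched(installed: str, fixed: str = FIXED_NVR) -> bool:
    """True when the installed NVR is at or above the advisory's fixed NVR."""
    (n1, v1, r1), (n2, v2, r2) = parse_nvr(installed), parse_nvr(fixed)
    if n1 != n2:
        raise ValueError(f"different packages: {n1} vs {n2}")
    # Version decides first; only an equal version falls through to the release.
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) >= 0
```

Hosts where `is_patched` returns False still need the update (and, per section 4, a Chromium restart once it is installed).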