RHSA-2018:1195-01 -- Redhat chromium-browser, chromium-browser-debuginfo
ID: oval:org.secpod.oval:def:505266 | Date: (C)2021-01-04 (M)2022-06-24 |
Class: PATCH | Family: unix |
Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117.

Security Fix:

* chromium-browser: Use after free in Disk Cache
* chromium-browser: Use after free in Disk Cache
* chromium-browser: Use after free in WebAssembly
* chromium-browser: Use after free in PDFium
* chromium-browser: Same origin policy bypass in Service Worker
* chromium-browser: Heap buffer overflow in Skia
* chromium-browser: Incorrect handling of plug-ins by Service Worker
* chromium-browser: Integer overflow in WebAssembly
* chromium-browser: Same origin bypass in Service Worker
* chromium-browser: Exploit hardening regression in Oilpan
* chromium-browser: Lack of meaningful user interaction requirement before file upload
* chromium-browser: Fullscreen UI spoof
* chromium-browser: Fullscreen UI spoof
* chromium-browser: URL spoof in Omnibox
* chromium-browser: CORS bypass in ServiceWorker
* chromium-browser: URL spoof in Omnibox
* chromium-browser: Insufficient protection of remote debugging protocol in DevTools
* chromium-browser: URL spoof in Omnibox
* chromium-browser: UI spoof in Permissions
* chromium-browser: URL spoof in Omnibox
* chromium-browser: URL spoof in Omnibox
* chromium-browser: Incorrect handling of promises in V8
* chromium-browser: URL spoof in Omnibox
* chromium-browser: URL spoof in Omnibox
* chromium-browser: Incorrect handling of files by FileAPI
* chromium-browser: Incorrect handling of plaintext files via file://
* chromium-browser: Heap-use-after-free in DevTools
* chromium-browser: Incorrect URL handling in DevTools
* chromium-browser: URL spoof in Navigation
* chromium-browser: CSP bypass
* chromium-browser: Incorrect low memory handling in WebAssembly
* chromium-browser: Confusing autofill settings

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.
Platform: Red Hat Enterprise Linux 6 |
Product: chromium-browser, chromium-browser-debuginfo |