RHEL 6 : chromium-browser (RHSA-2019:3211)

critical Nessus Plugin ID 130372

Synopsis

The remote Red Hat host is missing one or more security updates for chromium-browser.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3211 advisory.

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 77.0.3865.120.

Security Fix(es):

* chromium-browser: Use-after-free in media (CVE-2019-5870)

* chromium-browser: Heap overflow in Skia (CVE-2019-5871)

* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)

* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)

* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)

* chromium-browser: Use-after-free in media (CVE-2019-5876)

* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)

* chromium-browser: Use-after-free in V8 (CVE-2019-5878)

* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)

* chromium-browser: Use-after-free in media (CVE-2019-13688)

* chromium-browser: Omnibox spoof (CVE-2019-13691)

* chromium-browser: SOP bypass (CVE-2019-13692)

* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)

* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)

* chromium-browser: Use-after-free in audio (CVE-2019-13695)

* chromium-browser: Use-after-free in V8 (CVE-2019-13696)

* chromium-browser: Cross-origin size leak (CVE-2019-13697)

* chromium-browser: Extensions can read some local files (CVE-2019-5879)

* chromium-browser: SameSite cookie bypass (CVE-2019-5880)

* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)

* chromium-browser: URL spoof (CVE-2019-13659)

* chromium-browser: Full screen notification overlap (CVE-2019-13660)

* chromium-browser: Full screen notification spoof (CVE-2019-13661)

* chromium-browser: CSP bypass (CVE-2019-13662)

* chromium-browser: IDN spoof (CVE-2019-13663)

* chromium-browser: CSRF bypass (CVE-2019-13664)

* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)

* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)

* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)

* chromium-browser: Global window leak via console (CVE-2019-13668)

* chromium-browser: HTTP authentication spoof (CVE-2019-13669)

* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)

* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)

* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)

* chromium-browser: IDN spoofing (CVE-2019-13674)

* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)

* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)

* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)

* chromium-browser: Download dialog spoofing (CVE-2019-13678)

* chromium-browser: User gesture needed for printing (CVE-2019-13679)

* chromium-browser: IP address spoofing to servers (CVE-2019-13680)

* chromium-browser: Bypass on download restrictions (CVE-2019-13681)

* chromium-browser: Site isolation bypass (CVE-2019-13682)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL chromium-browser package based on the guidance in RHSA-2019:3211.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1762395

https://bugzilla.redhat.com/show_bug.cgi?id=1762396

https://bugzilla.redhat.com/show_bug.cgi?id=1762397

https://bugzilla.redhat.com/show_bug.cgi?id=1762398

https://bugzilla.redhat.com/show_bug.cgi?id=1762399

https://bugzilla.redhat.com/show_bug.cgi?id=1762400

https://bugzilla.redhat.com/show_bug.cgi?id=1762401

https://bugzilla.redhat.com/show_bug.cgi?id=1762402

https://bugzilla.redhat.com/show_bug.cgi?id=1762383

https://bugzilla.redhat.com/show_bug.cgi?id=1762384

https://bugzilla.redhat.com/show_bug.cgi?id=1762385

https://bugzilla.redhat.com/show_bug.cgi?id=1762386

https://bugzilla.redhat.com/show_bug.cgi?id=1762387

https://bugzilla.redhat.com/show_bug.cgi?id=1762388

https://bugzilla.redhat.com/show_bug.cgi?id=1762389

https://bugzilla.redhat.com/show_bug.cgi?id=1762390

https://bugzilla.redhat.com/show_bug.cgi?id=1762391

https://bugzilla.redhat.com/show_bug.cgi?id=1762392

https://bugzilla.redhat.com/show_bug.cgi?id=1762393

https://bugzilla.redhat.com/show_bug.cgi?id=1762394

https://bugzilla.redhat.com/show_bug.cgi?id=1762474

https://bugzilla.redhat.com/show_bug.cgi?id=1762476

https://bugzilla.redhat.com/show_bug.cgi?id=1762518

https://bugzilla.redhat.com/show_bug.cgi?id=1762519

https://bugzilla.redhat.com/show_bug.cgi?id=1762520

https://bugzilla.redhat.com/show_bug.cgi?id=1762521

https://bugzilla.redhat.com/show_bug.cgi?id=1762522

http://www.nessus.org/u?18f9caa2

https://access.redhat.com/errata/RHSA-2019:3211

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=1762366

https://bugzilla.redhat.com/show_bug.cgi?id=1762367

https://bugzilla.redhat.com/show_bug.cgi?id=1762368

https://bugzilla.redhat.com/show_bug.cgi?id=1762370

https://bugzilla.redhat.com/show_bug.cgi?id=1762371

https://bugzilla.redhat.com/show_bug.cgi?id=1762372

https://bugzilla.redhat.com/show_bug.cgi?id=1762373

https://bugzilla.redhat.com/show_bug.cgi?id=1762374

https://bugzilla.redhat.com/show_bug.cgi?id=1762375

https://bugzilla.redhat.com/show_bug.cgi?id=1762376

https://bugzilla.redhat.com/show_bug.cgi?id=1762377

https://bugzilla.redhat.com/show_bug.cgi?id=1762378

https://bugzilla.redhat.com/show_bug.cgi?id=1762379

https://bugzilla.redhat.com/show_bug.cgi?id=1762380

https://bugzilla.redhat.com/show_bug.cgi?id=1762381

https://bugzilla.redhat.com/show_bug.cgi?id=1762382

Plugin Details

Severity: Critical

ID: 130372

File Name: redhat-RHSA-2019-3211.nasl

Version: 1.9

Type: local

Agent: unix

Published: 10/30/2019

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-5878

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-5870

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:chromium-browser, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/29/2019

Vulnerability Publication Date: 11/25/2019

Reference Information

CVE: CVE-2019-13659, CVE-2019-13660, CVE-2019-13661, CVE-2019-13662, CVE-2019-13663, CVE-2019-13664, CVE-2019-13665, CVE-2019-13666, CVE-2019-13667, CVE-2019-13668, CVE-2019-13669, CVE-2019-13670, CVE-2019-13671, CVE-2019-13673, CVE-2019-13674, CVE-2019-13675, CVE-2019-13676, CVE-2019-13677, CVE-2019-13678, CVE-2019-13679, CVE-2019-13680, CVE-2019-13681, CVE-2019-13682, CVE-2019-13683, CVE-2019-13685, CVE-2019-13686, CVE-2019-13687, CVE-2019-13688, CVE-2019-13691, CVE-2019-13692, CVE-2019-13693, CVE-2019-13694, CVE-2019-13695, CVE-2019-13696, CVE-2019-13697, CVE-2019-5870, CVE-2019-5871, CVE-2019-5872, CVE-2019-5874, CVE-2019-5875, CVE-2019-5876, CVE-2019-5877, CVE-2019-5878, CVE-2019-5879, CVE-2019-5880, CVE-2019-5881

CWE: 416

RHSA: 2019:3211