An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 54.0.2840.59.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5194, CVE-2016-5186, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193)

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Red Hat Enterprise Linux Desktop Supplementary (v. 6)

IA-32:
chromium-browser-54.0.2840.59-1.el6.i686.rpm
    MD5: 9acca23712bd8cb4f9f53617c0d87f36
    SHA-256: d563c13a1bdeb6a735f8c9b7018e10ce761452d78168ae1141de3069c6b2a1df
chromium-browser-debuginfo-54.0.2840.59-1.el6.i686.rpm
    MD5: 98bf41179ac50d4c7fe7ace641c99f1f
    SHA-256: dee9f84467f189f59305c2b31f6b2c5eee52cd177cb0359c1bfa3f4722c70db9

x86_64:
chromium-browser-54.0.2840.59-1.el6.x86_64.rpm
    MD5: 25c752abe7e6cf4dedba0f19c1794b96
    SHA-256: 187a5bbc297e935dd0bc8ba609006c068d49c061a01a9890b01dc34907eaf4ae
chromium-browser-debuginfo-54.0.2840.59-1.el6.x86_64.rpm
    MD5: de7ce6fd92903a0ba0c58fe54fb2b679
    SHA-256: 794f5c567a35547b385c7f9d58d36dfd726c029b4cd39511c8dbc2e95b256777
 
Red Hat Enterprise Linux Server Supplementary (v. 6)

IA-32:
chromium-browser-54.0.2840.59-1.el6.i686.rpm
    MD5: 9acca23712bd8cb4f9f53617c0d87f36
    SHA-256: d563c13a1bdeb6a735f8c9b7018e10ce761452d78168ae1141de3069c6b2a1df
chromium-browser-debuginfo-54.0.2840.59-1.el6.i686.rpm
    MD5: 98bf41179ac50d4c7fe7ace641c99f1f
    SHA-256: dee9f84467f189f59305c2b31f6b2c5eee52cd177cb0359c1bfa3f4722c70db9

x86_64:
chromium-browser-54.0.2840.59-1.el6.x86_64.rpm
    MD5: 25c752abe7e6cf4dedba0f19c1794b96
    SHA-256: 187a5bbc297e935dd0bc8ba609006c068d49c061a01a9890b01dc34907eaf4ae
chromium-browser-debuginfo-54.0.2840.59-1.el6.x86_64.rpm
    MD5: de7ce6fd92903a0ba0c58fe54fb2b679
    SHA-256: 794f5c567a35547b385c7f9d58d36dfd726c029b4cd39511c8dbc2e95b256777
 
Red Hat Enterprise Linux Workstation Supplementary (v. 6)

IA-32:
chromium-browser-54.0.2840.59-1.el6.i686.rpm
    MD5: 9acca23712bd8cb4f9f53617c0d87f36
    SHA-256: d563c13a1bdeb6a735f8c9b7018e10ce761452d78168ae1141de3069c6b2a1df
chromium-browser-debuginfo-54.0.2840.59-1.el6.i686.rpm
    MD5: 98bf41179ac50d4c7fe7ace641c99f1f
    SHA-256: dee9f84467f189f59305c2b31f6b2c5eee52cd177cb0359c1bfa3f4722c70db9

x86_64:
chromium-browser-54.0.2840.59-1.el6.x86_64.rpm
    MD5: 25c752abe7e6cf4dedba0f19c1794b96
    SHA-256: 187a5bbc297e935dd0bc8ba609006c068d49c061a01a9890b01dc34907eaf4ae
chromium-browser-debuginfo-54.0.2840.59-1.el6.x86_64.rpm
    MD5: de7ce6fd92903a0ba0c58fe54fb2b679
    SHA-256: 794f5c567a35547b385c7f9d58d36dfd726c029b4cd39511c8dbc2e95b256777
 
(The unlinked packages above are only available from the Red Hat Network)

1384347 – CVE-2016-5181 chromium-browser: universal xss in blink
1384348 – CVE-2016-5182 chromium-browser: heap overflow in blink
1384349 – CVE-2016-5183 chromium-browser: use after free in pdfium
1384350 – CVE-2016-5184 chromium-browser: use after free in pdfium
1384352 – CVE-2016-5185 chromium-browser: use after free in blink
1384354 – CVE-2016-5187 chromium-browser: url spoofing
1384355 – CVE-2016-5188 chromium-browser: ui spoofing
1384357 – CVE-2016-5192 chromium-browser: cross-origin bypass in blink
1384358 – CVE-2016-5189 chromium-browser: url spoofing
1384360 – CVE-2016-5186 chromium-browser: out of bounds read in devtools
1384361 – CVE-2016-5191 chromium-browser: universal xss in bookmarks
1384362 – CVE-2016-5190 chromium-browser: use after free in internals
1384364 – CVE-2016-5193 chromium-browser: scheme bypass
1384365 – CVE-2016-5194 chromium-browser: various fixes from internal audits

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
