(RHSA-2018:0265) Important: chromium-browser security update

2018-02-01T20:56:48
ID RHSA-2018:0265
Type redhat
Reporter RedHat
Modified 2018-09-27T09:05:18

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 64.0.3282.119.

Security Fix(es):

  • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)

  • To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", this update reduces the precision of the timing data provided by the Date object and the performance.now() API, and the V8 JavaScript engine now uses masking of certain addresses and array or string indices.