8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.4%
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 64.0.3282.119.
Security Fix(es):
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)
To mitigate timing-based side-channel attacks similar to “Spectre” and “Meltdown”, this update reduces the precision of the timing data provided by the Date object and the performance.now() API, and the V8 JavaScript engine now uses masking of certain addresses and array or string indices.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | chromium-browser | < 64.0.3282.119-1.el6_9 | chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm |
RedHat | 6 | i686 | chromium-browser-debuginfo | < 64.0.3282.119-1.el6_9 | chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm |
RedHat | 6 | i686 | chromium-browser | < 64.0.3282.119-1.el6_9 | chromium-browser-64.0.3282.119-1.el6_9.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser-debuginfo | < 64.0.3282.119-1.el6_9 | chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.4%