(RHSA-2018:0484) Important: chromium-browser security update

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 65.0.3325.146.

Security Fix(es):

• chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)

• chromium-browser: use-after-free in blink (CVE-2018-6060)

• chromium-browser: race condition in v8 (CVE-2018-6061)

• chromium-browser: heap buffer overflow in skia (CVE-2018-6062)

• chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)

• chromium-browser: type confusion in v8 (CVE-2018-6064)

• chromium-browser: integer overflow in v8 (CVE-2018-6065)

• chromium-browser: same origin bypass via canvas (CVE-2018-6066)

• chromium-browser: buffer overflow in skia (CVE-2018-6067)

• chromium-browser: stack buffer overflow in skia (CVE-2018-6069)

• chromium-browser: csp bypass through extensions (CVE-2018-6070)

• chromium-browser: heap bufffer overflow in skia (CVE-2018-6071)

• chromium-browser: integer overflow in pdfium (CVE-2018-6072)

• chromium-browser: heap bufffer overflow in webgl (CVE-2018-6073)

• chromium-browser: mark-of-the-web bypass (CVE-2018-6074)

• chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)

• chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)

• chromium-browser: timing attack using svg filters (CVE-2018-6077)

• chromium-browser: url spoof in omnibox (CVE-2018-6078)

• chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)

• chromium-browser: information disclosure in ipc call (CVE-2018-6080)

• chromium-browser: xss in interstitials (CVE-2018-6081)

• chromium-browser: circumvention of port blocking (CVE-2018-6082)

• chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.