8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.895 High
EPSS
Percentile
98.7%
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 65.0.3325.146.
Security Fix(es):
chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)
chromium-browser: use-after-free in blink (CVE-2018-6060)
chromium-browser: race condition in v8 (CVE-2018-6061)
chromium-browser: heap buffer overflow in skia (CVE-2018-6062)
chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)
chromium-browser: type confusion in v8 (CVE-2018-6064)
chromium-browser: integer overflow in v8 (CVE-2018-6065)
chromium-browser: same origin bypass via canvas (CVE-2018-6066)
chromium-browser: buffer overflow in skia (CVE-2018-6067)
chromium-browser: stack buffer overflow in skia (CVE-2018-6069)
chromium-browser: csp bypass through extensions (CVE-2018-6070)
chromium-browser: heap bufffer overflow in skia (CVE-2018-6071)
chromium-browser: integer overflow in pdfium (CVE-2018-6072)
chromium-browser: heap bufffer overflow in webgl (CVE-2018-6073)
chromium-browser: mark-of-the-web bypass (CVE-2018-6074)
chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)
chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)
chromium-browser: timing attack using svg filters (CVE-2018-6077)
chromium-browser: url spoof in omnibox (CVE-2018-6078)
chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)
chromium-browser: information disclosure in ipc call (CVE-2018-6080)
chromium-browser: xss in interstitials (CVE-2018-6081)
chromium-browser: circumvention of port blocking (CVE-2018-6082)
chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | chromium-browser-debuginfo | < 65.0.3325.146-2.el6_9 | chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser-debuginfo | < 65.0.3325.146-2.el6_9 | chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm |
RedHat | 6 | i686 | chromium-browser | < 65.0.3325.146-2.el6_9 | chromium-browser-65.0.3325.146-2.el6_9.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser | < 65.0.3325.146-2.el6_9 | chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.895 High
EPSS
Percentile
98.7%