8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.192 Low
EPSS
Percentile
96.2%
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 66.0.3359.117.
Security Fix(es):
chromium-browser: Use after free in Disk Cache (CVE-2018-6085)
chromium-browser: Use after free in Disk Cache (CVE-2018-6086)
chromium-browser: Use after free in WebAssembly (CVE-2018-6087)
chromium-browser: Use after free in PDFium (CVE-2018-6088)
chromium-browser: Same origin policy bypass in Service Worker (CVE-2018-6089)
chromium-browser: Heap buffer overflow in Skia (CVE-2018-6090)
chromium-browser: Incorrect handling of plug-ins by Service Worker (CVE-2018-6091)
chromium-browser: Integer overflow in WebAssembly (CVE-2018-6092)
chromium-browser: Same origin bypass in Service Worker (CVE-2018-6093)
chromium-browser: Exploit hardening regression in Oilpan (CVE-2018-6094)
chromium-browser: Lack of meaningful user interaction requirement before file upload (CVE-2018-6095)
chromium-browser: Fullscreen UI spoof (CVE-2018-6096)
chromium-browser: Fullscreen UI spoof (CVE-2018-6097)
chromium-browser: URL spoof in Omnibox (CVE-2018-6098)
chromium-browser: CORS bypass in ServiceWorker (CVE-2018-6099)
chromium-browser: URL spoof in Omnibox (CVE-2018-6100)
chromium-browser: Insufficient protection of remote debugging prototol in DevTools (CVE-2018-6101)
chromium-browser: URL spoof in Omnibox (CVE-2018-6102)
chromium-browser: UI spoof in Permissions (CVE-2018-6103)
chromium-browser: URL spoof in Omnibox (CVE-2018-6104)
chromium-browser: URL spoof in Omnibox (CVE-2018-6105)
chromium-browser: Incorrect handling of promises in V8 (CVE-2018-6106)
chromium-browser: URL spoof in Omnibox (CVE-2018-6107)
chromium-browser: URL spoof in Omnibox (CVE-2018-6108)
chromium-browser: Incorrect handling of files by FileAPI (CVE-2018-6109)
chromium-browser: Incorrect handling of plaintext files via file:// (CVE-2018-6110)
chromium-browser: Heap-use-after-free in DevTools (CVE-2018-6111)
chromium-browser: Incorrect URL handling in DevTools (CVE-2018-6112)
chromium-browser: URL spoof in Navigation (CVE-2018-6113)
chromium-browser: CSP bypass (CVE-2018-6114)
chromium-browser: Incorrect low memory handling in WebAssembly (CVE-2018-6116)
chromium-browser: Confusing autofill settings (CVE-2018-6117)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | chromium-browser-debuginfo | < 66.0.3359.117-1.el6_9 | chromium-browser-debuginfo-66.0.3359.117-1.el6_9.x86_64.rpm |
RedHat | 6 | i686 | chromium-browser | < 66.0.3359.117-1.el6_9 | chromium-browser-66.0.3359.117-1.el6_9.i686.rpm |
RedHat | 6 | i686 | chromium-browser-debuginfo | < 66.0.3359.117-1.el6_9 | chromium-browser-debuginfo-66.0.3359.117-1.el6_9.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser | < 66.0.3359.117-1.el6_9 | chromium-browser-66.0.3359.117-1.el6_9.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.192 Low
EPSS
Percentile
96.2%