9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.296 Low
EPSS
Percentile
96.9%
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 67.0.3396.62.
Security Fix(es):
chromium-browser: Use after free in Blink (CVE-2018-6123)
chromium-browser: Type confusion in Blink (CVE-2018-6124)
chromium-browser: Overly permissive policy in WebUSB (CVE-2018-6125)
chromium-browser: Heap buffer overflow in Skia (CVE-2018-6126)
chromium-browser: Use after free in indexedDB (CVE-2018-6127)
chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6129)
chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6130)
chromium-browser: Incorrect mutability protection in WebAssembly (CVE-2018-6131)
chromium-browser: Use of uninitialized memory in WebRTC (CVE-2018-6132)
chromium-browser: URL spoof in Omnibox (CVE-2018-6133)
chromium-browser: Referrer Policy bypass in Blink (CVE-2018-6134)
chromium-browser: UI spoofing in Blink (CVE-2018-6135)
chromium-browser: Out of bounds memory access in V8 (CVE-2018-6136)
chromium-browser: Leak of visited status of page in Blink (CVE-2018-6137)
chromium-browser: Overly permissive policy in Extensions (CVE-2018-6138)
chromium-browser: Restrictions bypass in the debugger extension API (CVE-2018-6139)
chromium-browser: Restrictions bypass in the debugger extension API (CVE-2018-6140)
chromium-browser: Heap buffer overflow in Skia (CVE-2018-6141)
chromium-browser: Out of bounds memory access in V8 (CVE-2018-6142)
chromium-browser: Out of bounds memory access in V8 (CVE-2018-6143)
chromium-browser: Out of bounds memory access in PDFium (CVE-2018-6144)
chromium-browser: Incorrect escaping of MathML in Blink (CVE-2018-6145)
chromium-browser: Password fields not taking advantage of OS protections in Views (CVE-2018-6147)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | chromium-browser | < 67.0.3396.62-2.el6_9 | chromium-browser-67.0.3396.62-2.el6_9.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser | < 67.0.3396.62-2.el6_9 | chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm |
RedHat | 6 | i686 | chromium-browser-debuginfo | < 67.0.3396.62-2.el6_9 | chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser-debuginfo | < 67.0.3396.62-2.el6_9 | chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm |
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.296 Low
EPSS
Percentile
96.9%