9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
65.4%
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
chromium-browser: Use-after-free in media (CVE-2019-5870)
chromium-browser: Heap overflow in Skia (CVE-2019-5871)
chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)
chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
chromium-browser: Use-after-free in media (CVE-2019-5876)
chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
chromium-browser: Use-after-free in V8 (CVE-2019-5878)
chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
chromium-browser: Use-after-free in media (CVE-2019-13688)
chromium-browser: Omnibox spoof (CVE-2019-13691)
chromium-browser: SOP bypass (CVE-2019-13692)
chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
chromium-browser: Use-after-free in audio (CVE-2019-13695)
chromium-browser: Use-after-free in V8 (CVE-2019-13696)
chromium-browser: Cross-origin size leak (CVE-2019-13697)
chromium-browser: Extensions can read some local files (CVE-2019-5879)
chromium-browser: SameSite cookie bypass (CVE-2019-5880)
chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
chromium-browser: URL spoof (CVE-2019-13659)
chromium-browser: Full screen notification overlap (CVE-2019-13660)
chromium-browser: Full screen notification spoof (CVE-2019-13661)
chromium-browser: CSP bypass (CVE-2019-13662)
chromium-browser: IDN spoof (CVE-2019-13663)
chromium-browser: CSRF bypass (CVE-2019-13664)
chromium-browser: Multiple file download protection bypass (CVE-2019-13665)
chromium-browser: Side channel using storage size estimate (CVE-2019-13666)
chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)
chromium-browser: Global window leak via console (CVE-2019-13668)
chromium-browser: HTTP authentication spoof (CVE-2019-13669)
chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)
chromium-browser: IDN spoofing (CVE-2019-13674)
chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)
chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)
chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)
chromium-browser: Download dialog spoofing (CVE-2019-13678)
chromium-browser: User gesture needed for printing (CVE-2019-13679)
chromium-browser: IP address spoofing to servers (CVE-2019-13680)
chromium-browser: Bypass on download restrictions (CVE-2019-13681)
chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | chromium-browser | < 77.0.3865.120-2.el6_10 | chromium-browser-77.0.3865.120-2.el6_10.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser | < 77.0.3865.120-2.el6_10 | chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm |
RedHat | 6 | i686 | chromium-browser-debuginfo | < 77.0.3865.120-2.el6_10 | chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm |
RedHat | 6 | x86_64 | chromium-browser-debuginfo | < 77.0.3865.120-2.el6_10 | chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm |
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
65.4%