Red Hat RHSA-2019:3211
Oct 29, 2019 - 9:12 a.m.

(RHSA-2019:3211) Critical: chromium-browser security update

2019-10-29 09:12:54
access.redhat.com

EPSS: 0.003 (Low), percentile: 66.1%

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 77.0.3865.120.

Security Fix(es):

  • chromium-browser: Use-after-free in media (CVE-2019-5870)

  • chromium-browser: Heap overflow in Skia (CVE-2019-5871)

  • chromium-browser: Use-after-free in Mojo (CVE-2019-5872)

  • chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)

  • chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)

  • chromium-browser: Use-after-free in media (CVE-2019-5876)

  • chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)

  • chromium-browser: Use-after-free in V8 (CVE-2019-5878)

  • chromium-browser: Use-after-free in offline pages (CVE-2019-13686)

  • chromium-browser: Use-after-free in media (CVE-2019-13688)

  • chromium-browser: Omnibox spoof (CVE-2019-13691)

  • chromium-browser: SOP bypass (CVE-2019-13692)

  • chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)

  • chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)

  • chromium-browser: Use-after-free in audio (CVE-2019-13695)

  • chromium-browser: Use-after-free in V8 (CVE-2019-13696)

  • chromium-browser: Cross-origin size leak (CVE-2019-13697)

  • chromium-browser: Extensions can read some local files (CVE-2019-5879)

  • chromium-browser: SameSite cookie bypass (CVE-2019-5880)

  • chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)

  • chromium-browser: URL spoof (CVE-2019-13659)

  • chromium-browser: Full screen notification overlap (CVE-2019-13660)

  • chromium-browser: Full screen notification spoof (CVE-2019-13661)

  • chromium-browser: CSP bypass (CVE-2019-13662)

  • chromium-browser: IDN spoof (CVE-2019-13663)

  • chromium-browser: CSRF bypass (CVE-2019-13664)

  • chromium-browser: Multiple file download protection bypass (CVE-2019-13665)

  • chromium-browser: Side channel using storage size estimate (CVE-2019-13666)

  • chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)

  • chromium-browser: Global window leak via console (CVE-2019-13668)

  • chromium-browser: HTTP authentication spoof (CVE-2019-13669)

  • chromium-browser: V8 memory corruption in regex (CVE-2019-13670)

  • chromium-browser: Dialog box fails to show origin (CVE-2019-13671)

  • chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)

  • chromium-browser: IDN spoofing (CVE-2019-13674)

  • chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)

  • chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)

  • chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)

  • chromium-browser: Download dialog spoofing (CVE-2019-13678)

  • chromium-browser: User gesture needed for printing (CVE-2019-13679)

  • chromium-browser: IP address spoofing to servers (CVE-2019-13680)

  • chromium-browser: Bypass on download restrictions (CVE-2019-13681)

  • chromium-browser: Site isolation bypass (CVE-2019-13682)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.