Red Hat Enterprise Linux 6 Supplementary update for chromium-browser
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 |
| CWE-ID | CWE-416 CWE-942 CWE-787 CWE-357 CWE-125 CWE-122 CWE-284 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Red Hat Enterprise Linux for Scientific Computing Operating systems & Components / Operating system Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Workstation Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system chromium-browser-debuginfo (Red Hat package) Operating systems & Components / Operating system package or component chromium-browser (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU18695
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-5828
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ServiceWorker. A remote attacker can trick the victim to visit a specially crafted webpage, trigger use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU66464
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-5829
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Download Manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Overly permissive cross-domain whitelist
EUVDB-ID: #VU79647
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5830
CWE-ID:
CWE-942 - Overly Permissive Cross-domain Whitelist
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of credentials in CORS. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU79648
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-5831
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in map processing in V8 engine. A remote attacker can trick the victim to open a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Overly permissive cross-domain whitelist
EUVDB-ID: #VU79649
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5832
CWE-ID:
CWE-942 - Overly Permissive Cross-domain Whitelist
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of CORS in XHR requests. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Insufficient UI Warning of Dangerous Operations
EUVDB-ID: #VU79650
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5833
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect dialog box scoping. A remote attacker can trick the victim to visit a malicious page and spoof the page content.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU66465
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Swiftshader component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU66466
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5836
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Angle. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Overly permissive cross-domain whitelist
EUVDB-ID: #VU79652
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5837
CWE-ID:
CWE-942 - Overly Permissive Cross-domain Whitelist
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of cross-origin resources in Appcache. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper access control
EUVDB-ID: #VU79654
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5838
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions to tabs in Extensions. A remote attacker can use an install extension to gain unauthorized access to browser tabs.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU79655
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive data validation in URL parser in Blink. A remote attacker can trick the victim to click on a specially crafted link and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Insufficient UI Warning of Dangerous Operations
EUVDB-ID: #VU79656
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5840
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect security UI in popup blocker. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Red Hat Enterprise Linux for Scientific Computing: 6
Red Hat Enterprise Linux Desktop: 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0
chromium-browser-debuginfo (Red Hat package): before 75.0.3770.80-1.el6_10
chromium-browser (Red Hat package): before 75.0.3770.80-1.el6_10
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser-debuginfo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:chromium-browser_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1477
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
