Red Hat Enterprise Linux update for Chromium

Published: 2017-05-12 | Updated: 2021-06-14

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2017-5068
CWE-ID	CWE-362
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Race condition

EUVDB-ID: #VU6417

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-5068

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a race condition in WebRTC when processing web pages. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Red Hat Enterprise Linux Server 6

SRPM
x86_64
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm	SHA-256: 4c2c68bc9b5943038644b645c89b6f28bbba7cf68b9e0b6bac2159204eb9315f
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm	SHA-256: aa40bbb872d341eb8fee7769d894366681bf411b125f6aaa8922e6826d92fc82
i386
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm	SHA-256: 787582a1559a7e8131216ffa1713c2ab97c1716da1e346cbc12257f4455b0778
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm	SHA-256: 4c0cf4f630ba832947801d272ce5b5e32b15ded37272a3b4b44694f3293ae4e8

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm	SHA-256: 4c2c68bc9b5943038644b645c89b6f28bbba7cf68b9e0b6bac2159204eb9315f
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm	SHA-256: aa40bbb872d341eb8fee7769d894366681bf411b125f6aaa8922e6826d92fc82
i386
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm	SHA-256: 787582a1559a7e8131216ffa1713c2ab97c1716da1e346cbc12257f4455b0778
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm	SHA-256: 4c0cf4f630ba832947801d272ce5b5e32b15ded37272a3b4b44694f3293ae4e8

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
chromium-browser-58.0.3029.96-1.el6_9.x86_64.rpm	SHA-256: 4c2c68bc9b5943038644b645c89b6f28bbba7cf68b9e0b6bac2159204eb9315f
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.x86_64.rpm	SHA-256: aa40bbb872d341eb8fee7769d894366681bf411b125f6aaa8922e6826d92fc82
i386
chromium-browser-58.0.3029.96-1.el6_9.i686.rpm	SHA-256: 787582a1559a7e8131216ffa1713c2ab97c1716da1e346cbc12257f4455b0778
chromium-browser-debuginfo-58.0.3029.96-1.el6_9.i686.rpm	SHA-256: 4c0cf4f630ba832947801d272ce5b5e32b15ded37272a3b4b44694f3293ae4e8

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6

CPE2.3

cpe:2.3:o:red_hat:red_hat_enterprise_linux:6:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2017:1228

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.