A script injection flaw was found in the New Tab Page component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=844428 External References: https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:2666 https://access.redhat.com/errata/RHSA-2018:2666