A memory corruption flaw was found in the Angle component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=880906 External References: https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
Created chromium tracking bugs for this issue: Affects: epel-7 [bug 1640122] Affects: fedora-all [bug 1640121]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3004
This flaw also affected Firefox 60.3 ESR: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-17466
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3831
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2018:3833
Statement: In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0159
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0160 https://access.redhat.com/errata/RHSA-2019:0160