An out of bounds read flaw was found in the Skia component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=883596 External References: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
Created chromium tracking bugs for this issue: Affects: epel-7 [bug 1688209] Affects: fedora-all [bug 1688208]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:0708 https://access.redhat.com/errata/RHSA-2019:0708
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1265 https://access.redhat.com/errata/RHSA-2019:1265
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1267 https://access.redhat.com/errata/RHSA-2019:1267
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1269 https://access.redhat.com/errata/RHSA-2019:1269
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1308
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1309
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1310 https://access.redhat.com/errata/RHSA-2019:1310