|Reported by:||Owned by:||blfs-book|
Description (last modified by )
Vulnerability fixes. While investigating a firefox vulnerability, I got to https://security-tracker.debian.org/tracker/CVE-2018-6126 where it turns out that the vulnerability was originally found in chromium (or perhaps in chrome).
According to that, it is fixed in 67.0.3396.62. But Arch's security report says it is fixed in 67.0.3396.79.
Looking at qtwebengine there are lots more vulnerabilities addressed by upstream patches to the chromium code.
I don't know my way around chromium, but a .tar.gz for .79 is currently on about the fourth page of https://github.com/chromium/chromium/releases
According to Arch, .87 fixes an out-of-bounds write in the V8 code which can lead to arbitrary code execution.
I'm still trying to see if I can build this beast (Arch use clang because of a gcc-8.1 issue, but I found a patch at Fedora this morning and haven't had time to try it yet).
Change History (20)
comment:3 by , 3 years ago
|Priority:||normal → high|
|Summary:||chromium-66.0.3359.117 → chromium-67.0.3396.79|
|Type:||enhancement → defect|
comment:5 by , 3 years ago
|Summary:||chromium-67.0.3396.79 → chromium-67.0.3396.87|