Created attachment 212180 [details]
Update www/chromium port to 80.x

Apparently, there are active CVEs being used in the wild against 79.x:

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

> This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
>
> [$5000][1044570] High: Integer overflow in ICU. Reported by André Bargull (with thanks to Jeff Walden from Mozilla) on 2020-01-22
> [N/A][1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
>
> This release also contains:
> [N/A][1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18
>
> Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.

I've rebased our patches against the latest 80.x stable at the time I started the work a few days ago, 80.0.3987.132, and tested the ordinary Release configuration with default knobs against a few "smoke test" websites:

david.li/waves
youtube.com
google / basic browsing



Source link

You must be logged in to post a comment.