Created attachment 212180 [details]
Update www/chromium port to 80.x

Apparently, there are active CVEs being used in the wild against 79.x:

> This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
> [$5000][1044570] High: Integer overflow in ICU. Reported by André Bargull (with thanks to Jeff Walden from Mozilla) on 2020-01-22
> [N/A][1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
> This release also contains:
> [N/A][1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18
> Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.

I've rebased our patches against the latest 80.x stable at the time I started the work a few days ago, 80.0.3987.132, and tested the ordinary Release configuration with default knobs against a few "smoke test" websites:
google / basic browsing

Source link

You must be logged in to post a comment.