Fix for CVE-2019-5786 Chrome vulnerability

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Fix for CVE-2019-5786 Chrome vulnerability

Postby callum » Thu Mar 07, 2019 11:50 am

How long is it likely to be before a fix for the Chrome CVE-2019-5786 vulnerability makes its way into a CEF builds for both Windows and macOS and can you outline steps to take in order to track progress of the fix from the Chromium source to a CEF build at the Spotify open source site?

Thank you.
callum
Expert
 
Posts: 285
Joined: Mon Feb 23, 2015 6:19 pm

Re: Fix for CVE-2019-5786 Chrome vulnerability

Postby magreenblatt » Thu Mar 07, 2019 1:40 pm

Spotify builds with the fix should be available tomorrow. If you wish to patch your own local builds see https://bitbucket.org/chromiumembedded/ ... ty-in/diff
magreenblatt
Site Admin
 
Posts: 10542
Joined: Fri May 29, 2009 6:57 pm

Re: Fix for CVE-2019-5786 Chrome vulnerability

Postby callum » Thu Mar 07, 2019 1:52 pm

Excellent - thank you.
callum
Expert
 
Posts: 285
Joined: Mon Feb 23, 2015 6:19 pm

Re: Fix for CVE-2019-5786 Chrome vulnerability

Postby magreenblatt » Thu Mar 07, 2019 4:19 pm

Chromium infrastructure is experiencing some issues (https://crbug.com/939075) so builds may be delayed.
magreenblatt
Site Admin
 
Posts: 10542
Joined: Fri May 29, 2009 6:57 pm

Re: Fix for CVE-2019-5786 Chrome vulnerability

Postby callum » Fri Mar 08, 2019 11:15 am

I see a new version appeared today on the Spotify site but I imagine that one was already in the pipeline before the fix was put in place.

We're looking for a version built with Chromium 72.0.3626.121 I think aren't we?
callum
Expert
 
Posts: 285
Joined: Mon Feb 23, 2015 6:19 pm

Re: Fix for CVE-2019-5786 Chrome vulnerability

Postby magreenblatt » Fri Mar 08, 2019 11:40 am

Looks like 3.3626.1895.g7001d56 has been uploaded with Chromium version 72.0.3626.121 but the index.html cache hasn't expired yet (at least for me) so they're not showing up on that page. You can search for them in the JSON file instead: http://opensource.spotify.com/cefbuilds/index.json
magreenblatt
Site Admin
 
Posts: 10542
Joined: Fri May 29, 2009 6:57 pm

Re: Fix for CVE-2019-5786 Chrome vulnerability

Postby callum » Fri Mar 08, 2019 12:28 pm

Got it - thank you.
callum
Expert
 
Posts: 285
Joined: Mon Feb 23, 2015 6:19 pm


Return to Support Forum

Who is online

Users browsing this forum: Majestic-12 [Bot] and 34 guests