gcarq / inox-patchset

Inox patchset tries to provide a minimal Chromium based browser with focus on privacy by disabling data transmission to Google.
BSD 2-Clause "Simplified" License

Enhancement: Fix these CVEs #72

Closed nyancat18 closed 7 years ago

nyancat18 commented 7 years ago

- [$9337][698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
- [$3000][699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
- [$1000][662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
- [$N/A][705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous
- [$N/A][702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html

nyancat18 commented 7 years ago

https://build.opensuse.org/package/show/home:meh924f:archlinux/inox

I'm making an emergency bugfix.

nyancat18 commented 7 years ago

https://security.archlinux.org/AVG-231

nyancat18 commented 7 years ago

@gcarq

gcarq commented 7 years ago

Fixed with 57.0.2987.133. Thanks for the emergency release.