Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Release Notes
electron/electron
### [`v19.1.9`](https://togithub.com/electron/electron/releases/tag/v19.1.9): electron v19.1.9
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.8...v19.1.9)
### Release Notes for v19.1.9
#### End of Support for 19.x.y
Electron 19.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron.
#### Other Changes
- Security: backported fix for [`1333333`](https://togithub.com/electron/electron/commit/1333333). [#35053](https://togithub.com/electron/electron/pull/35053)
- Security: backported fix for CVE-2022-4135. [#36447](https://togithub.com/electron/electron/pull/36447)
### [`v19.1.8`](https://togithub.com/electron/electron/releases/tag/v19.1.8): electron v19.1.8
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.7...v19.1.8)
### Release Notes for v19.1.8
#### Other Changes
- Security: backported fix for [`1333333`](https://togithub.com/electron/electron/commit/1333333). [#35053](https://togithub.com/electron/electron/pull/35053)
- Security: backported fix for CVE-2022-4135. [#36447](https://togithub.com/electron/electron/pull/36447)
### [`v19.1.7`](https://togithub.com/electron/electron/releases/tag/v19.1.7): electron v19.1.7
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.6...v19.1.7)
### Release Notes for v19.1.7
#### Fixes
- Fixed crash in `AXNodeObject::TextFromDescendants()`. [#36285](https://togithub.com/electron/electron/pull/36285)
#### Other Changes
- Security: backported fix for [`1376637`](https://togithub.com/electron/electron/commit/1376637). [#36312](https://togithub.com/electron/electron/pull/36312)
- Security: backported fix for CVE-2022-3885. [#36295](https://togithub.com/electron/electron/pull/36295)
- Security: backported fix for CVE-2022-3887. [#36305](https://togithub.com/electron/electron/pull/36305)
- Security: backported fix for CVE-2022-3888. [#36297](https://togithub.com/electron/electron/pull/36297)
- Security: backported fix for CVE-2022-3889. [#36299](https://togithub.com/electron/electron/pull/36299)
- Security: backported fix for CVE-2022-3890. [#36301](https://togithub.com/electron/electron/pull/36301)
### [`v19.1.6`](https://togithub.com/electron/electron/releases/tag/v19.1.6): electron v19.1.6
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.5...v19.1.6)
### Release Notes for v19.1.6
#### Fixes
- Fixed crash in `AXNodeObject::TextFromDescendants()`. [#36285](https://togithub.com/electron/electron/pull/36285)
#### Other Changes
- Security: backported fix for [`1376637`](https://togithub.com/electron/electron/commit/1376637). [#36312](https://togithub.com/electron/electron/pull/36312)
- Security: backported fix for CVE-2022-3885. [#36295](https://togithub.com/electron/electron/pull/36295)
- Security: backported fix for CVE-2022-3887. [#36305](https://togithub.com/electron/electron/pull/36305)
- Security: backported fix for CVE-2022-3888. [#36297](https://togithub.com/electron/electron/pull/36297)
- Security: backported fix for CVE-2022-3889. [#36299](https://togithub.com/electron/electron/pull/36299)
- Security: backported fix for CVE-2022-3890. [#36301](https://togithub.com/electron/electron/pull/36301)
### [`v19.1.5`](https://togithub.com/electron/electron/releases/tag/v19.1.5): electron v19.1.5
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.4...v19.1.5)
### Release Notes for v19.1.5
#### Other Changes
- Security: backported fix for [`1356234`](https://togithub.com/electron/electron/commit/1356234). [#36221](https://togithub.com/electron/electron/pull/36221)
- Security: backported fix for [`1361612`](https://togithub.com/electron/electron/commit/1361612). [#36218](https://togithub.com/electron/electron/pull/36218)
- Security: backported fix for CVE-2022-3654. [#36207](https://togithub.com/electron/electron/pull/36207)
- Security: backported fix for CVE-2022-3656. [#36224](https://togithub.com/electron/electron/pull/36224)
- Security: backported fix for CVE-2022-3723. [#36225](https://togithub.com/electron/electron/pull/36225)
#### Unknown
- Reverted fix for chromium:1361612 due to stability issues. [#36262](https://togithub.com/electron/electron/pull/36262)
### [`v19.1.4`](https://togithub.com/electron/electron/releases/tag/v19.1.4): electron v19.1.4
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.3...v19.1.4)
### Release Notes for v19.1.4
#### Other Changes
- Security: backported fix for [`1364604`](https://togithub.com/electron/electron/commit/1364604). [#36081](https://togithub.com/electron/electron/pull/36081)
- Security: backported fix for [`1368076`](https://togithub.com/electron/electron/commit/1368076). [#36086](https://togithub.com/electron/electron/pull/36086)
- Security: backported fix for [`1373314`](https://togithub.com/electron/electron/commit/1373314). [#36215](https://togithub.com/electron/electron/pull/36215)
- Security: backported fix for CVE-2022-3450. [#36077](https://togithub.com/electron/electron/pull/36077)
- Security: backported fix for CVE-2022-3652. [#36205](https://togithub.com/electron/electron/pull/36205)
- Security: backported fix for CVE-2022-3653. [#36209](https://togithub.com/electron/electron/pull/36209)
### [`v19.1.3`](https://togithub.com/electron/electron/releases/tag/v19.1.3): electron v19.1.3
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.2...v19.1.3)
### Release Notes for v19.1.3
#### Other Changes
- Security: backported fix for CVE-2022-3304. [#35879](https://togithub.com/electron/electron/pull/35879)
- Security: backported fix for CVE-2022-3307. [#35882](https://togithub.com/electron/electron/pull/35882)
- Security: backported fix for CVE-2022-3315. [#35918](https://togithub.com/electron/electron/pull/35918)
### [`v19.1.2`](https://togithub.com/electron/electron/releases/tag/v19.1.2): electron v19.1.2
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.1...v19.1.2)
### Release Notes for v19.1.2
#### Fixes
- Provided display_id for desktopCapturer on Linux. [#35835](https://togithub.com/electron/electron/pull/35835) (Also in [20](https://togithub.com/electron/electron/pull/35834), [21](https://togithub.com/electron/electron/pull/35836))
#### Other Changes
- Security: backported fix for [`1356308`](https://togithub.com/electron/electron/commit/1356308). [#35891](https://togithub.com/electron/electron/pull/35891)
- Security: backported fix for CVE-2022-3370. [#35885](https://togithub.com/electron/electron/pull/35885)
- Security: backported fix for CVE-2022-3373. [#35888](https://togithub.com/electron/electron/pull/35888)
### [`v19.1.1`](https://togithub.com/electron/electron/releases/tag/v19.1.1): electron v19.1.1
[Compare Source](https://togithub.com/electron/electron/compare/v19.1.0...v19.1.1)
### Release Notes for v19.1.1
#### Fixes
- Fixed an issue where DevTools could not be docked with Windows Control Overlay enabled. [#35763](https://togithub.com/electron/electron/pull/35763) (Also in [20](https://togithub.com/electron/electron/pull/35764), [21](https://togithub.com/electron/electron/pull/35765))
- Usage of `safeStorage` now consistently uses the correct service name on macOS regardless of timing with browser window construction. [#35795](https://togithub.com/electron/electron/pull/35795) (Also in [20](https://togithub.com/electron/electron/pull/35796))
#### Other Changes
- Security: backported fix chromium:1346938. [#35826](https://togithub.com/electron/electron/pull/35826)
- Security: backported fix for [`1348283`](https://togithub.com/electron/electron/commit/1348283). [#35793](https://togithub.com/electron/electron/pull/35793)
- Security: backported fix for CVE-2022-3196. [#35787](https://togithub.com/electron/electron/pull/35787)
- Security: backported fix for CVE-2022-3197. [#35789](https://togithub.com/electron/electron/pull/35789)
- Security: backported fix for CVE-2022-3198. [#35791](https://togithub.com/electron/electron/pull/35791)
- Security: backported fix for chromium:1359294,v8:12578. [#35774](https://togithub.com/electron/electron/pull/35774)
#### Documentation
- Documentation changes: [#35330](https://togithub.com/electron/electron/pull/35330)
### [`v19.1.0`](https://togithub.com/electron/electron/releases/tag/v19.1.0): electron v19.1.0
[Compare Source](https://togithub.com/electron/electron/compare/v19.0.17...v19.1.0)
### Release Notes for v19.1.0
#### Features
- Added `webFrameMain.origin`. [#35624](https://togithub.com/electron/electron/pull/35624) (Also in [20](https://togithub.com/electron/electron/pull/35535), [21](https://togithub.com/electron/electron/pull/35534))
#### Fixes
- Enable WCO maximize button when window enters tablet mode and is not already maximized. [#35677](https://togithub.com/electron/electron/pull/35677) (Also in [20](https://togithub.com/electron/electron/pull/35663), [21](https://togithub.com/electron/electron/pull/35664))
- Fixed `uv_os_gethostname` failing on Windows 7. [#35703](https://togithub.com/electron/electron/pull/35703) (Also in [20](https://togithub.com/electron/electron/pull/35705), [21](https://togithub.com/electron/electron/pull/35704))
- Fixed a bug where calling `atob` in the renderer process could fail under some circumstances. [#35444](https://togithub.com/electron/electron/pull/35444) (Also in [20](https://togithub.com/electron/electron/pull/35445), [21](https://togithub.com/electron/electron/pull/35443))
- Fixed an edge case in `app.isInApplicationsFolder()` which would return false incorrectly in some cases. [#35729](https://togithub.com/electron/electron/pull/35729) (Also in [20](https://togithub.com/electron/electron/pull/35731), [21](https://togithub.com/electron/electron/pull/35730))
#### Other Changes
- Fixed an issue where a child of a window using WCO would not have the navigator defined. [#35701](https://togithub.com/electron/electron/pull/35701)
- Security: backported fix for CVE-2022-3038. [#35548](https://togithub.com/electron/electron/pull/35548)
- Security: backported fix for CVE-2022-3199. [#35750](https://togithub.com/electron/electron/pull/35750)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
~19.0.0
->~19.1.0
GitHub Vulnerability Alerts
CVE-2022-4135
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Release Notes
electron/electron
### [`v19.1.9`](https://togithub.com/electron/electron/releases/tag/v19.1.9): electron v19.1.9 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.8...v19.1.9) ### Release Notes for v19.1.9 #### End of Support for 19.x.y Electron 19.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron. #### Other Changes - Security: backported fix for [`1333333`](https://togithub.com/electron/electron/commit/1333333). [#35053](https://togithub.com/electron/electron/pull/35053) - Security: backported fix for CVE-2022-4135. [#36447](https://togithub.com/electron/electron/pull/36447) ### [`v19.1.8`](https://togithub.com/electron/electron/releases/tag/v19.1.8): electron v19.1.8 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.7...v19.1.8) ### Release Notes for v19.1.8 #### Other Changes - Security: backported fix for [`1333333`](https://togithub.com/electron/electron/commit/1333333). [#35053](https://togithub.com/electron/electron/pull/35053) - Security: backported fix for CVE-2022-4135. [#36447](https://togithub.com/electron/electron/pull/36447) ### [`v19.1.7`](https://togithub.com/electron/electron/releases/tag/v19.1.7): electron v19.1.7 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.6...v19.1.7) ### Release Notes for v19.1.7 #### Fixes - Fixed crash in `AXNodeObject::TextFromDescendants()`. [#36285](https://togithub.com/electron/electron/pull/36285) #### Other Changes - Security: backported fix for [`1376637`](https://togithub.com/electron/electron/commit/1376637). [#36312](https://togithub.com/electron/electron/pull/36312) - Security: backported fix for CVE-2022-3885. [#36295](https://togithub.com/electron/electron/pull/36295) - Security: backported fix for CVE-2022-3887. [#36305](https://togithub.com/electron/electron/pull/36305) - Security: backported fix for CVE-2022-3888. [#36297](https://togithub.com/electron/electron/pull/36297) - Security: backported fix for CVE-2022-3889. [#36299](https://togithub.com/electron/electron/pull/36299) - Security: backported fix for CVE-2022-3890. [#36301](https://togithub.com/electron/electron/pull/36301) ### [`v19.1.6`](https://togithub.com/electron/electron/releases/tag/v19.1.6): electron v19.1.6 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.5...v19.1.6) ### Release Notes for v19.1.6 #### Fixes - Fixed crash in `AXNodeObject::TextFromDescendants()`. [#36285](https://togithub.com/electron/electron/pull/36285) #### Other Changes - Security: backported fix for [`1376637`](https://togithub.com/electron/electron/commit/1376637). [#36312](https://togithub.com/electron/electron/pull/36312) - Security: backported fix for CVE-2022-3885. [#36295](https://togithub.com/electron/electron/pull/36295) - Security: backported fix for CVE-2022-3887. [#36305](https://togithub.com/electron/electron/pull/36305) - Security: backported fix for CVE-2022-3888. [#36297](https://togithub.com/electron/electron/pull/36297) - Security: backported fix for CVE-2022-3889. [#36299](https://togithub.com/electron/electron/pull/36299) - Security: backported fix for CVE-2022-3890. [#36301](https://togithub.com/electron/electron/pull/36301) ### [`v19.1.5`](https://togithub.com/electron/electron/releases/tag/v19.1.5): electron v19.1.5 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.4...v19.1.5) ### Release Notes for v19.1.5 #### Other Changes - Security: backported fix for [`1356234`](https://togithub.com/electron/electron/commit/1356234). [#36221](https://togithub.com/electron/electron/pull/36221) - Security: backported fix for [`1361612`](https://togithub.com/electron/electron/commit/1361612). [#36218](https://togithub.com/electron/electron/pull/36218) - Security: backported fix for CVE-2022-3654. [#36207](https://togithub.com/electron/electron/pull/36207) - Security: backported fix for CVE-2022-3656. [#36224](https://togithub.com/electron/electron/pull/36224) - Security: backported fix for CVE-2022-3723. [#36225](https://togithub.com/electron/electron/pull/36225) #### Unknown - Reverted fix for chromium:1361612 due to stability issues. [#36262](https://togithub.com/electron/electron/pull/36262) ### [`v19.1.4`](https://togithub.com/electron/electron/releases/tag/v19.1.4): electron v19.1.4 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.3...v19.1.4) ### Release Notes for v19.1.4 #### Other Changes - Security: backported fix for [`1364604`](https://togithub.com/electron/electron/commit/1364604). [#36081](https://togithub.com/electron/electron/pull/36081) - Security: backported fix for [`1368076`](https://togithub.com/electron/electron/commit/1368076). [#36086](https://togithub.com/electron/electron/pull/36086) - Security: backported fix for [`1373314`](https://togithub.com/electron/electron/commit/1373314). [#36215](https://togithub.com/electron/electron/pull/36215) - Security: backported fix for CVE-2022-3450. [#36077](https://togithub.com/electron/electron/pull/36077) - Security: backported fix for CVE-2022-3652. [#36205](https://togithub.com/electron/electron/pull/36205) - Security: backported fix for CVE-2022-3653. [#36209](https://togithub.com/electron/electron/pull/36209) ### [`v19.1.3`](https://togithub.com/electron/electron/releases/tag/v19.1.3): electron v19.1.3 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.2...v19.1.3) ### Release Notes for v19.1.3 #### Other Changes - Security: backported fix for CVE-2022-3304. [#35879](https://togithub.com/electron/electron/pull/35879) - Security: backported fix for CVE-2022-3307. [#35882](https://togithub.com/electron/electron/pull/35882) - Security: backported fix for CVE-2022-3315. [#35918](https://togithub.com/electron/electron/pull/35918) ### [`v19.1.2`](https://togithub.com/electron/electron/releases/tag/v19.1.2): electron v19.1.2 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.1...v19.1.2) ### Release Notes for v19.1.2 #### Fixes - Provided display_id for desktopCapturer on Linux. [#35835](https://togithub.com/electron/electron/pull/35835) (Also in [20](https://togithub.com/electron/electron/pull/35834), [21](https://togithub.com/electron/electron/pull/35836)) #### Other Changes - Security: backported fix for [`1356308`](https://togithub.com/electron/electron/commit/1356308). [#35891](https://togithub.com/electron/electron/pull/35891) - Security: backported fix for CVE-2022-3370. [#35885](https://togithub.com/electron/electron/pull/35885) - Security: backported fix for CVE-2022-3373. [#35888](https://togithub.com/electron/electron/pull/35888) ### [`v19.1.1`](https://togithub.com/electron/electron/releases/tag/v19.1.1): electron v19.1.1 [Compare Source](https://togithub.com/electron/electron/compare/v19.1.0...v19.1.1) ### Release Notes for v19.1.1 #### Fixes - Fixed an issue where DevTools could not be docked with Windows Control Overlay enabled. [#35763](https://togithub.com/electron/electron/pull/35763) (Also in [20](https://togithub.com/electron/electron/pull/35764), [21](https://togithub.com/electron/electron/pull/35765)) - Usage of `safeStorage` now consistently uses the correct service name on macOS regardless of timing with browser window construction. [#35795](https://togithub.com/electron/electron/pull/35795) (Also in [20](https://togithub.com/electron/electron/pull/35796)) #### Other Changes - Security: backported fix chromium:1346938. [#35826](https://togithub.com/electron/electron/pull/35826) - Security: backported fix for [`1348283`](https://togithub.com/electron/electron/commit/1348283). [#35793](https://togithub.com/electron/electron/pull/35793) - Security: backported fix for CVE-2022-3196. [#35787](https://togithub.com/electron/electron/pull/35787) - Security: backported fix for CVE-2022-3197. [#35789](https://togithub.com/electron/electron/pull/35789) - Security: backported fix for CVE-2022-3198. [#35791](https://togithub.com/electron/electron/pull/35791) - Security: backported fix for chromium:1359294,v8:12578. [#35774](https://togithub.com/electron/electron/pull/35774) #### Documentation - Documentation changes: [#35330](https://togithub.com/electron/electron/pull/35330) ### [`v19.1.0`](https://togithub.com/electron/electron/releases/tag/v19.1.0): electron v19.1.0 [Compare Source](https://togithub.com/electron/electron/compare/v19.0.17...v19.1.0) ### Release Notes for v19.1.0 #### Features - Added `webFrameMain.origin`. [#35624](https://togithub.com/electron/electron/pull/35624) (Also in [20](https://togithub.com/electron/electron/pull/35535), [21](https://togithub.com/electron/electron/pull/35534)) #### Fixes - Enable WCO maximize button when window enters tablet mode and is not already maximized. [#35677](https://togithub.com/electron/electron/pull/35677) (Also in [20](https://togithub.com/electron/electron/pull/35663), [21](https://togithub.com/electron/electron/pull/35664)) - Fixed `uv_os_gethostname` failing on Windows 7. [#35703](https://togithub.com/electron/electron/pull/35703) (Also in [20](https://togithub.com/electron/electron/pull/35705), [21](https://togithub.com/electron/electron/pull/35704)) - Fixed a bug where calling `atob` in the renderer process could fail under some circumstances. [#35444](https://togithub.com/electron/electron/pull/35444) (Also in [20](https://togithub.com/electron/electron/pull/35445), [21](https://togithub.com/electron/electron/pull/35443)) - Fixed an edge case in `app.isInApplicationsFolder()` which would return false incorrectly in some cases. [#35729](https://togithub.com/electron/electron/pull/35729) (Also in [20](https://togithub.com/electron/electron/pull/35731), [21](https://togithub.com/electron/electron/pull/35730)) #### Other Changes - Fixed an issue where a child of a window using WCO would not have the navigator defined. [#35701](https://togithub.com/electron/electron/pull/35701) - Security: backported fix for CVE-2022-3038. [#35548](https://togithub.com/electron/electron/pull/35548) - Security: backported fix for CVE-2022-3199. [#35750](https://togithub.com/electron/electron/pull/35750)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.