Logo
My Account |  Site Map | Contact Us  
Welcome Guest Search | Active Topics | Sign In | Register

Chromium engine update due to zero day defects fixed? Options
Erik R
Posted: Friday, July 16, 2021 7:29:19 AM
Rank: Newbie
Groups: Member

Joined: 4/15/2016
Posts: 3
Hi, I wonder if you will update the embedded Chromium engine in eowp? It should be updated if it uses the same javascript engine as Google Chrome, their V8 engine had a zero-day defect, fixed yesterday by Google.
https://www.bleepingcomputer.com/news/security/google-patches-8th-chrome-zero-day-exploited-in-the-wild-this-year/
Jack Cheng
Posted: Friday, July 16, 2021 11:37:20 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 23,036
Hi,

Yes. We regularly sync our code base with Chromium's code base. However for such security update we can't do it right away because Google does not release the details of the vulnerability right away for fearing of it being widely exploited. The common practice is for them to patch the vulnerability, release an update, wait for the update to be widely applied, then release the details and the vulnerability and the corresponding source code that fixed the vulnerability. Only after that it is possible for us to apply the patch.

Thanks!


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.