diff options
author | Michael BrĂ¼ning <michael.bruning@qt.io> | 2021-12-01 19:34:05 +0100 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2021-12-03 14:33:37 +0100 |
commit | 56ba5c9789700433b469ee9a3057eaeabad64d54 (patch) | |
tree | e6e51f3415e1f830403099cd7333dd78b282f425 | |
parent | 402f5a4a78347ed56be59396a3e3877ea9791f47 (diff) |
Update Chromium
Submodule src/3rdparty 8c0a9b44..bfc2de04:
> [Backport] CVE-2021-37996 : Insufficient validation of untrusted
input in Downloads
> [Backport] CVE-2021-38001 : Type Confusion in V8
> [Backport] Security bug 1252858
> [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
> [Backport] Dependency for CVE-2021-37989
> [Backport] CVE-2021-38022: Inappropriate implementation in
WebAuthentication
> [Backport] CVE-2021-38012: Type Confusion in V8
> [Backport] CVE-2021-38010: Inappropriate implementation in service
workers
> [Backport] CVE-2021-38021: Inappropriate implementation in referrer
> [Backport] CVE-2021-38005: Use after free in loader (3/3)
> [Backport] CVE-2021-38005: Use after free in loader (2/3)
> [Backport] CVE-2021-38005: Use after free in loader (1/3)
> [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
> [Backport] CVE-2021-38007: Type Confusion in V8
> [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
sandbox
> [Backport] CVE-2021-38009: Inappropriate implementation in cache
> [Backport] Dependency for CVE-2021-38009
> [Backport] CVE-2021-38015: Inappropriate implementation in input
> [Backport] CVE-2021-38018: Inappropriate implementation in
navigation
> Revert "Stop orphan child processes from staying alive on Windows"
> Fix stack overflow on gpu channel recreate with an error
> [Backport] Security bug 1245870
> [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
> [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
> [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
> [Backport] CVE-2021-37987 : Use after free in Network APIs
> [Backport] CVE-2021-38003 : Inappropriate implementation in V8
> [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
attack bypasses all existing protection mechanisms
> [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in
xmlEncodeEntitiesInternal() in entities.c
Task-number: QTBUG-98854
Fixes: QTBUG-98855
Fixes: QTBUG-98400
Fixes: QTBUG-98401
Change-Id: Idb07729bf45ed59eb8163186925095e1a1e30318
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | CHROMIUM_VERSION | 2 | ||||
m--------- | src/3rdparty | 0 |
2 files changed, 1 insertions, 1 deletions
diff --git a/CHROMIUM_VERSION b/CHROMIUM_VERSION index 55d7ab8ca..334d6dcb4 100644 --- a/CHROMIUM_VERSION +++ b/CHROMIUM_VERSION @@ -1,2 +1,2 @@ Based on Chromium version: 87.0.4280.144 -Patched with security patches up to Chromium version: 94.0.4606.61 +Patched with security patches up to Chromium version: 96.0.4664.45 diff --git a/src/3rdparty b/src/3rdparty -Subproject 8c0a9b4459f5200a24ab9e687a3fb32e975382e +Subproject bfc2de04055f445a30806545f343abd3d3c972f |