EO.WebBrowser and Meltdown/Spectre vulnerabilities - Essential Objects, Inc. Support Forum

Welcome Guest

Search | Active Topics | Sign In | Register

Essential Objects Product Support Forum » All Products » Support » EO.WebBrowser and Meltdown/Spectre vulnerabilities

EO.WebBrowser and Meltdown/Spectre vulnerabilities

Options

Previous Topic · Next Topic

Alessandro Passarotto

Posted: Friday, January 19, 2018 4:05:50 AM

Rank: Newbie
Groups: Member

Joined: 9/12/2016
Posts: 4

Hi,
last week, security exploits known as “Meltdown” and “Spectre” became a matter of extensive discussion in the technology world.
These flaws can give the potential for hackers to view sensitive data stored in the privileged memory of devices.

On the Chromium Project site we can read that some updates will arrive to mitigate the problem:
"Chrome's JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23rd 2018"
( https://www.chromium.org/Home/chromium-security/ssca )

Will be EO.WebBrowser updated soon to include the new 64 version ?
In the meanwhile how can we protect our application that use EO.WebBrowser ?

Thanks

Alessandro

eo_support

Posted: Friday, January 19, 2018 7:52:15 AM

Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,221

Hi,

We are following this and we will look into either porting the fix back to our build or update the browser engine. In the mean time, you can enable site isolation by passing "--site-per-process" to this engine option:

https://www.essentialobjects.com/doc/eo.webengine.engineoptions.extracommandlineargs.aspx

Thanks

Alessandro Passarotto

Posted: Friday, January 19, 2018 8:10:08 AM

Rank: Newbie
Groups: Member

Joined: 9/12/2016
Posts: 4

Thanks!

iTester

Posted: Thursday, January 25, 2018 11:54:40 AM

Rank: Member
Groups: Member

Joined: 5/2/2017
Posts: 25

Dear eo_support,

It would be great if you choose the "update the browser engine" option!

The current EO browser engine was built on Chromium 62, which was released on Aug 31st, 2017, i.e. about half a year ago.
Currently it is not as fast and not as secured as it could be.

Per Chromium calendar https://www.chromium.org/developers/calendar
they supposed to release Chromium v 65 on Jan 18th, 2018 (last week).

Thank you.

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Message