Rank: Newbie Groups: Member
Joined: 4/15/2016 Posts: 3
|
Hi, I wonder if you will update the embedded Chromium engine in eowp? It should be updated if it uses the same javascript engine as Google Chrome, their V8 engine had a zero-day defect, fixed yesterday by Google. https://www.bleepingcomputer.com/news/security/google-patches-8th-chrome-zero-day-exploited-in-the-wild-this-year/
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
Hi,
Yes. We regularly sync our code base with Chromium's code base. However for such security update we can't do it right away because Google does not release the details of the vulnerability right away for fearing of it being widely exploited. The common practice is for them to patch the vulnerability, release an update, wait for the update to be widely applied, then release the details and the vulnerability and the corresponding source code that fixed the vulnerability. Only after that it is possible for us to apply the patch.
Thanks!
|