cjan wrote:
Fri Mar 08, 2019 8:10 am
chromium .121, Security Fixes and Rewards: High CVE-2019-5786: Use-after-free in FileReader.
Apologies cjan, I see now what you were getting at. That's quite a nasty bug, and has reportedly been exploited in the wild already, so needs addressing ><
Fortunately chromium-72.0.3626.121 (which has the fix) has hit the main Gentoo tree, so I've put together a modified ebuild with the necessary patches to build on arm64, built it, and pushed the resulting binary package to the binhost.
To upgrade, just open a terminal and issue:
As this is a binary package, the process should only take about 10 minutes or so.
The YouTube playback issue is fixed in this version also. I'll put out a bugfix 1.4.1 release of the gentoo-on-rpi3-64bit image shortly with this updated chromium bundled by default; I don't feel comfortable with a vulnerable version being on there, in 1.4.0.
Thank you for pointing this out!
Update 10 March 2019: a new 1.4.1 release of the image is available, which fixes this issue; please see this post for more details.