You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The CEF used is branch 5414, which gives chromium version 109. Really outdated. Being CEF a core component of the user interface functionality, it's a concern.
Also, I would like to see the source code of this CEF published in an OnlyOffice repository, as it seems to be a modified build of the upstream CEF (Dektop Editors segfaults when trying to use an offical CEF build). Please correct me if I'm wrong.
This issue is unique.
Your idea.
The javascript engine v8, version 8.9(used in https://github.com/ONLYOFFICE/build_tools/blob/master/scripts/core_common/modules/v8_89.py) is very outdated and vulnerable.
It should be updated to a recent version or have security patches backported.
For reference, qt5-webengine uses chromium 87 and v8 8.7 with some added security patches. The commits are available here: https://github.com/qt/qtwebengine-chromium/commits/87-based/
The text was updated successfully, but these errors were encountered: