chore: cherry-pick 7 changes from Release-1-M120 #40802
Merged
+621
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ppontes
added
security 🔒
semver/patch
ppontes
force-pushed
the
cherry-pick/security/27-x-y/release-1-m120
branch
from
5169dd7 to
31102db
Compare
ppontes
changed the title
ppontes
force-pushed
the
cherry-pick/security/27-x-y/release-1-m120
branch
from
f4908f9 to
90d69b9
Compare
* 998e947b265f from chromium * 021598ea43c1 from chromium * 76340163a820 from chromium * f15cfb9371c4 from chromium * 4ca62c7a8b88 from chromium * cbd09b2ca928 from v8 * 58bc7b8bb840 from libavif
ppontes
force-pushed
the
cherry-pick/security/27-x-y/release-1-m120
branch
from
c995da7 to
eba33cd
Compare
jkleinsc
approved these changes
Jan 2, 2024
VerteDinde
approved these changes
Jan 2, 2024
|
Release Notes Persisted
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
electron/security#442 - 998e947b265f from chromium
[FedCM] Check API permission before showing accounts UIThe accounts fetch could be delayed for legitimate reasons. A user may be
able to disable FedCM API (e.g. via settings or dismissing another FedCM
UI on the same RP origin) before the browser receives the accounts
response.
This patch checks the API permission before showing the accounts UI.
(cherry picked from commit 98676a2f66c4b4b802316eef70f4aab77e631f85)
Change-Id: Idbbe88912941113ec3f54d7f222845cd774dc897
Bug: 1500921
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5064052
Commit-Queue: Yi Gu yigu@chromium.org
Reviewed-by: Christian Biesinger cbiesinger@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1229912}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5074630
Auto-Submit: Yi Gu yigu@chromium.org
Cr-Commit-Position: refs/branch-heads/6099@{#1255}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}
electron/security#437 - 021598ea43c1 from chromium
[InsertableStreams] Drop frames received on the wrong task runnerIt can happen during transfer that a frame is posted from the
background media thread to the task runner of the old execution
context, which can lead to races and UAF.
This CL makes underlying sources drop frames received on the
wrong task runner to avoid the problem.
(cherry picked from commit 9d042e0d498356185fe9eb33c53b69fab33d06bf)
Bug: 1505708
Change-Id: I686228d88cb1c48bdf8c0b6bf85edd280a54300a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5077845
Commit-Queue: Guido Urdaneta guidou@chromium.org
Reviewed-by: Tony Herre toprice@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1231802}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5082444
Commit-Queue: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Auto-Submit: Guido Urdaneta guidou@chromium.org
Cr-Commit-Position: refs/branch-heads/6099@{#1370}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}
electron/security#440 - 76340163a820 from chromium
[M120] ImageBitmapFactory: fix empty context dcheckApproved by:
https://bugs.chromium.org/p/chromium/issues/detail?id=1502102#c34
(cherry picked from commit c4d2f15b8f97076c8fd0f9aa5814b94db698b75c)
Fixed: 1502102
Change-Id: Ib42d2897d62136ae835561bcf56884b5624060a5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5071252
Commit-Queue: Paul Semel paulsemel@chromium.org
Reviewed-by: Jean-Philippe Gravel jpgravel@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1230617}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5088373
Auto-Submit: Arthur Sonzogni arthursonzogni@google.com
Reviewed-by: Paul Semel paulsemel@chromium.org
Cr-Commit-Position: refs/branch-heads/6099@{#1416}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}
electron/security#438 - f15cfb9371c4 from chromium
Fix reinit order in ContextProviderCommandBuffer::BindToCurrentSequenceSee comments for explanation.
(cherry picked from commit 7d8400ceb56db5fd97249f787251fe8b3928e6fd)
Bug: 1505632
Change-Id: I0f43821a9708af91303048332e9fae5e100deee5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5069480
Reviewed-by: Saifuddin Hitawala hitawala@chromium.org
Commit-Queue: Kai Ninomiya kainino@chromium.org
Reviewed-by: Brendon Tiszka tiszka@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1230735}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5095795
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Commit-Queue: Saifuddin Hitawala hitawala@chromium.org
Auto-Submit: Kai Ninomiya kainino@chromium.org
Cr-Commit-Position: refs/branch-heads/6099@{#1424}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}
electron/security#436 - 4ca62c7a8b88 from chromium
Check for slugs count before deserializing Slugs in DrawSlugOpCount is part of serialized data and while we never serialize values
less then 1, it can be any value when coming over IPC, we should check
that it's positive before substacting one.
(cherry picked from commit 0527e0d5b08a13d63f4f1eeefa1b86ecfd0cb63b)
Bug: 1506726
Change-Id: I244f50a682f2e852b22ba88f1e9cddddb0fdfcb9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5078779
Reviewed-by: Peng Huang penghuang@chromium.org
Commit-Queue: Vasiliy Telezhnikov vasilyt@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1232013}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5096809
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Cr-Commit-Position: refs/branch-heads/6099@{#1428}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}
electron/security#441 - cbd09b2ca928 from v8
Merged: [promises, async stack traces] Fix the case when the closure has runWe were using the closure pointing to NativeContext as a marker that the
closure has run, but async stack trace code was confused about it.
(cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f)
Bug: chromium:1501326
Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083
Cr-Original-Commit-Position: refs/heads/main@{#90949}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982
Commit-Queue: Marja Hölttä marja@chromium.org
Reviewed-by: Shu-yu Guo syg@chromium.org
Reviewed-by: Igor Sheludko ishell@chromium.org
Auto-Submit: Marja Hölttä marja@chromium.org
Cr-Commit-Position: refs/branch-heads/12.0@{#18}
Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1}
Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651}
Notes: