March 09, 2019, CEF 3.3578.1870.gc974488 / Chromium 71.0.3578.98
Bug Fix Release
This release addresses a CRITICAL SECURITY issue, everyone that uses CefSharp
for internet browsing should upgrade. Those using for only intranet browsing the risk is obviously smaller, though you should perform your own risk analysis. I recommend that everyone upgrade.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.
CEF
has specifically backported the fix into the 3578
branch (version 71
). The relevant commit is https://bitbucket.org/chromiumembedded/cef/commits/c974488bae67171e814b9666de3000867ff7bd76?at=3578
See https://github.com/cefsharp/CefSharp/releases/tag/v71.0.0 for full details
See https://github.com/cefsharp/CefSharp/releases/tag/v71.0.1 for additional details
- #2677 CRITICAL UPDATE CVE-2019-5786