119.0.6045.106: new chromium version

[github-actions]

Public CVEs:

CVE	Commit
[$16000][1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14	[PaymentHandler] Require Link header when fetching payment method manifests https://chromium-review.googlesource.com/c/chromium/src/+/4954394
[$11000][1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13	[M-119] usb: Validate isochronous transfer packet lengths https://chromium-review.googlesource.com/c/chromium/src/+/4944690
[$TBD][1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13	[M-119] usb: Validate isochronous transfer packet lengths https://chromium-review.googlesource.com/c/chromium/src/+/4944690
[$3000][1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639)  on 2021-12-22	Elide filename and domains on start to show the extension / eTLD+1 https://chromium-review.googlesource.com/c/chromium/src/+/4706260
[$3000][1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18	[DownloadBubble] Add input event activation protector https://chromium-review.googlesource.com/c/chromium/src/+/4864122
[$2000][1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10	Stop storing Print Preview request data in PrintPreviewUI https://chromium-review.googlesource.com/c/chromium/src/+/4857212
[$1000][1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22	Elide filename and domains on start to show the extension / eTLD+1 https://chromium-review.googlesource.com/c/chromium/src/+/4706260
[$1000][1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01	[profiles] Fix crash when deleting a profile from the picker in a tab https://chromium-review.googlesource.com/c/chromium/src/+/4909536
[$TBD][1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13	[Merge M119][Read Anything] Use render frame id instead of pointer https://chromium-review.googlesource.com/c/chromium/src/+/4955256
[$TBD][1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17	[Merge M119] Make ReadAnythingUntrustedPageHandler.browser _ a weak ptr https://chromium-review.googlesource.com/c/chromium/src/+/4953624
[N/A][1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18	[M119] Don't open download on BYPASS_DEEP_SCANNING command https://chromium-review.googlesource.com/c/chromium/src/+/4956103
[$3000][1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24	[dPWA] Observe web contents visibility when installing https://chromium-review.googlesource.com/c/chromium/src/+/4899736
[$500][1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13	pip2: Elide tail for file URLs https://chromium-review.googlesource.com/c/chromium/src/+/4874656

[uazo]

CVE	What to do
Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639)  on 2021-12-22 Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18	in cromite the automatic opening at the end of the download must be removed
Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13	check whether adblock still uses frame pointers rather than frameid (see #426)
Medium CVE-2023-5856: Use after free in Side Panel.	try to use weak pointers rather than pointers, check the code
Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13	check whether it is possible not to make any elide

[uazo]

commit: 9344cc4
builder: https://github.com/uazo/cromite/actions/runs/6717728243
release: https://github.com/uazo/cromite/releases/tag/v119.0.6045.106-9344cc41d5d85463ee12bc449c72ad335f7545fe
docker images: uazo/cromite-build:119.0.6045.106-9344cc41d5d85463ee12bc449c72ad335f7545fe

changes:

• Bump to 119.0.6045.106
• [Android] "Add menu item to bookmark all tabs" duplicate results #479 Fix duplicate results
• Exporting bookmarks does not clean the file if already present #477 Add FLAG_OPEN_TRUNCATED while exporting
• [Windows] Hide the presence of the webcam if the user has not given permission #480 Hide the presence of the webcam if the user has not given permission
• Omnibox suggestion dropdown covered by keyboard with bottom navigator bar #301 Address bar hidden by keyboard when in bottom side #320 Fix keyboard cover suggestions
• Checking for updates in Android is done each time the app is displayed in the recents #473 Fix upgrade checks
• Disable Background Availability Monitoring in media router
• Always clear js and wasm code cache at startup
• Block Intents While Locked
• Keep Manta Service Disabled

[uazo]

next version #510