Chrome zero-day vulnerabilities

renab · Post by **renab** » Sat Apr 17, 2021 5:03 pm

Hi,

Does CEF4Delphi need to be updated due to the recent Chrome zero-day vulnerabilities that were exposed?

salvadordf · Post by **salvadordf** » Sat Apr 17, 2021 6:16 pm

Hi,

Chromium has security fixes frequently and the CEF project is updated almost at the same frequency.
CEF4Delphi is also updated to use the latest CEF version which includes the latest Chromium version with the latest features and fixes.

At this moment, CEF4Delphi uses CEF 89 but I'll release a new update with CEF 90 as soon as I fix an issue with some demos.

renab · Post by **renab** » Mon Apr 19, 2021 12:36 pm

Ok great thank you. How can I get notifications when updates to CEF4Delphi are published? I thought I had my notification preferences set correctly but I want to make sure.

salvadordf · Post by **salvadordf** » Mon Apr 19, 2021 12:42 pm

CEF4Delphi with CEF 90 was released yesterday.

You can click on the Watch button in the project page at GitHub.
https://github.com/salvadordf/CEF4Delphi

You can also subscribe to the forum thread were all CEF4Delphi updates are announced :
https://www.briskbard.com/forum/viewtopic.php?f=8&t=1565

renab · Post by **renab** » Mon Apr 19, 2021 9:01 pm

Ok great thanks so much.

I notice in the documentation it mentions that cef_sandbox.lib and libcef.lib can be omitted from the application directory when deploying -- why is that?

salvadordf · Post by **salvadordf** » Tue Apr 20, 2021 8:22 am

The LIB files are used in C/C++ applications and according to most of the search results, they can't be used in Delphi.
https://stackoverflow.com/questions/8588279/use-lib-file-in-delphi-how-to-import-lib-file

Perhaps you can extract the object files from the lib files and link them from Delphi but I've never tried that.
http://rvelthuis.de/articles/articles-cobjs.html

renab · Post by **renab** » Tue Apr 20, 2021 11:15 am

OK thanks. I was just concerned if cef_sandbox.lib "can't be used in Delphi" that meant that CEF browsers in Delphi don't have Chromium's built in sandbox security feature?

salvadordf · Post by **salvadordf** » Tue Apr 20, 2021 12:26 pm

That's sadly correct.

The sandbox is disabled in Delphi and Lazarus because we can't link cef_sandbox.lib.

renab · Post by **renab** » Tue Apr 20, 2021 1:19 pm

Ok - yeah that's a bummer. It makes it more urgent then that we keep our applications current with the latest versions of CEF/Chromium if we don't really have that fail safe. Good to know thanks.

thefunkyjoint · Post by **thefunkyjoint** » Tue Apr 20, 2021 6:13 pm

renab wrote: Mon Apr 19, 2021 9:01 pm Ok great thanks so much.

I notice in the documentation it mentions that cef_sandbox.lib and libcef.lib can be omitted from the application directory when deploying -- why is that?

Is this true ? I don't need to deploy these two files with my app ? This would be 66MB less in the package !

BriskBard, CEF4Delphi, WebView4Delphi, WebUI4Delphi and WebUI4CSharp

Chrome zero-day vulnerabilities

Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities

Re: Chrome zero-day vulnerabilities