[Bug 244625] www/chromium: [patch] Please update to 80.x

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244625

            Bug ID: 244625
           Summary: www/chromium: [patch] Please update to 80.x
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: chromium at FreeBSD.org
          Reporter: cem at freebsd.org
          Assignee: chromium at FreeBSD.org
             Flags: maintainer-feedback?(chromium at FreeBSD.org)

Created attachment 212180
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=212180&action=edit
Update www/chromium port to 80.x

Apparently, there are active CVEs being used in the wild against 79.x:

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

> This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
>
> [$5000][1044570] High: Integer overflow in ICU. Reported by André Bargull (with thanks to Jeff Walden from Mozilla) on 2020-01-22
> [N/A][1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
>
> This release also contains:
> [N/A][1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18
>
> Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.

I've rebased our patches against the latest 80.x stable at the time I started
the work a few days ago, 80.0.3987.132, and tested the ordinary Release
configuration with default knobs against a few "smoke test" websites:

david.li/waves
youtube.com
google / basic browsing

-- 
You are receiving this mail because:
You are the assignee for the bug.