Page MenuHomeSolus

Update brave to 1.1.20 to address multiple CVEs
ClosedPublic

Authored by Jacalz on Dec 12 2019, 8:01 PM.
Tags
  • Restricted Project
Referenced Files
F11068445: D7835.id.diff
Fri, Aug 11, 9:47 PM
F11050678: D7835.diff
Thu, Aug 10, 7:14 PM
F11019547: D7835.diff
Sun, Aug 6, 9:04 PM
F10914563: D7835.diff
Jul 8 2023, 2:51 AM
F10885297: D7835.id18787.diff
Jun 25 2023, 9:22 AM
F10885017: D7835.id18784.diff
Jun 25 2023, 5:49 AM
F10881761: D7835.diff
Jun 23 2023, 4:16 AM
F10823277: D7835.id.diff
Jun 3 2023, 3:16 AM
Subscribers

Details

Summary

Summarized Changelog:

  • Added Privacy Preserving Product Analytics (P3A).
  • Added auto-contribute support for GitHub.
  • Added separate tip banner for monthly contributions to creators.
  • Added the ability to opt-in to user private Brave ads for Cayman Islands.
  • Added fingerprinting exception for 1Password.
  • Added setting to "Use Google Services for Push Messaging" in brave://settings.
  • Removed known user tracking parameters from query strings.
  • Temporarily disabled Safe Browsing for downloads until we can get it to stop sending url-requests.
  • Disabled Motion Sensors by default.
  • Disabled Web Background Synchronization by default.
  • Fixed certain cases where users are stuck in the wallet verification flow for Brave Rewards.
  • Fixed inability to tweet after completing an inline tip on Reddit.
  • Fixed ad notifications being displayed while browser is in full screen mode.
  • Fixed inability to import from Firefox.
  • Fixes for private window with Tor and Brave Rewards.
  • Fixed CORS issue with atlassian.net.
  • Upgraded Chromium to 79.0.3945.74.

Security:

  • The update to chromium 79.0.3945.74 brings 51 security fixes. The following ones are the ones of critical severity:
    • CVE-2019-13725
    • CVE-2019-13726
Test Plan
  • Browsed some websites and checked version in the about page.

Diff Detail

Repository
R4107 brave
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Jacalz added a project: Restricted Project.Dec 12 2019, 8:01 PM
JoshStrobl retitled this revision from Update brave to 1.1.20 to adress multiple CVEs to Update brave to 1.1.20 to address multiple CVEs.
JoshStrobl added a subscriber: JoshStrobl.

LGTM, thanks!

This revision is now accepted and ready to land.Dec 13 2019, 6:51 AM