Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: cherry-pick 1 changes from Release-2-M116 #39687

Merged
merged 2 commits into from Aug 30, 2023

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Aug 29, 2023

electron/security#399 - 35c06406a658 from chromium Handle object destruction in MediaStreamDeviceObserver

MSDO executes some callbacks that can result in the destruction of
MSDO upon an external event such as removing a media device or the
user revoking permission.
This CL adds code to detect this condition and prevent further
processing that would result in UAF. It also removes some invalid
DCHECKs.

Drive-by: minor style fixes

(cherry picked from commit 7337133682ab0404b753c563dde2ae2b1dc13171)

Bug: 1472492, b/296997707
Change-Id: I76f019bb110e7d9cca276444bc23a7e43114d2cc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4798398
Reviewed-by: Palak Agarwal agpalak@chromium.org
Commit-Queue: Guido Urdaneta guidou@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1186452}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4810035
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Cr-Commit-Position: refs/branch-heads/5845@{#1586}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

Notes:

@ppontes ppontes requested a review from a team as a code owner August 29, 2023 21:42
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 25-x-y labels Aug 29, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Aug 29, 2023
@jkleinsc jkleinsc merged commit 4cefd54 into 25-x-y Aug 30, 2023
13 checks passed
@jkleinsc jkleinsc deleted the cherry-pick/security/25-x-y/release-2-m116 branch August 30, 2023 14:08
@release-clerk
Copy link

release-clerk bot commented Aug 30, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-4572.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
25-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants