Several vulnerabilities detected in Black Duck Binary Analysis in libcef.dll

[FOGBABY]

Hi:

We are using version: 125.0.21.0 of chromiumembedded/cef and detected several vulnerabilities from libtiff, freetype and other module in Black Duck Binary Analysis. And I had serval questions:

(1) Some module couldn’t be found any version info, such as libtiff, openjpeg, libxml2, freetype. Can you tell me how to find these version info about these module?

(2) The v8 module was detected about 30 high vulnerabilities, and I think the module is too old and needed be updated right?

[amaitland]

CefSharp is just one of many Chromium Embedded Framework(CEF) wrappers.

CEF has it's own issue tracker and support forum

• https://github.com/chromiumembedded/cef
• https://www.magpcss.org/ceforum/index.php

(1) Some module couldn’t be found any version info, such as libtiff, openjpeg, libxml2, freetype. Can you tell me how to find these version info about these module?

They would be the same versions used by Chromium at the exact same version. You'd have to look through the Chromium source to see what dependencies it was using pulling in. Someone on ceforum might have some additional pointers. The Chromium devs might also be able to help you on this one.

Each release you'll see the relevant Chromium version.

The v8 module was detected about 30 high vulnerabilities, and I think the module is too old and needed be updated right?

CefSharp will upgrade to the next major Chromium version when builds become available on https://cef-builds.spotifycdn.com/index.html

We don't track individual modules like V8. It'll be the same as the equivalent Chromium version,