PxPlus *browser patch level

Started by Mike King, June 03, 2024, 08:04:53 AM

Previous topic - Next topic

Mike King

There is a significant alert for chrome and all chromium based browsers that has been reported with many companies requiring their users to update or delete Chrome immediately.

Can you advise if these corrections are included in the current *browser and if there will be a fix for prior versions of PxPlus.

For details on this issue see https://www.forbes.com/sites/zakdoffman/2024/06/03/google-chrome-warning-72-hours-to-update-or-delete-your-browser/?sh=2953df0bdb05
Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

Devon Austen

Hi Mike,

We update the version of embedded Chromium we use with the major version releases each year. For PxPlus 2024 this updated embedded chromium to 123.0.12.

Unfortunately these exploits are not that unusual. Chrome regularly has exploits found and reported in a similar way that the US government mandates an update for. Going through this list https://www.cisa.gov/known-exploited-vulnerabilities-catalog you can see that along with the 4 in May, there was 1 in February, 2 in January, 1 in November, 1 in October, 1 in September, etc etc.

Not all of these exploits may affect the embedded version of Chromium. Also how the embedded version is used may mean it is not as much of a risk since it is generally loading known websites or local HTML files.

With the patch level in PxPlus 2024 all exploits are fixed except for the ones reported in May.

We will continue to update with every release to cover all the exploits throughout the year. We look to find a balance between staying current with annual updates but not updating too frequently.

If these exploits are of a particular concern it should be possible to download the latest embedded chromium DLLs and copy over the DLLs included in the release but you would have to do testing as this was not tested.

Pick the standard distribution download for your version of PxPlus 32-bit or 64-bit: https://cef-builds.spotifycdn.com/index.html
Principal Software Engineer for PVX Plus Technologies LTD.