Posted on April 24, 2024

DotNetBrowser 2.26.2

Chromium upgraded to 123.0.6312.124

We upgraded Chromium to a newer version, which introduces multiple security fixes that prevent a remote attacker who had compromised the GPU process from potentially perform a sandbox escape via specific UI gestures, potentially exploit heap corruption via a crafted HTML page, including:

• CVE-2024-3157: Out of bounds write in Compositing
• CVE-2024-3516: Heap buffer overflow in ANGLE
• CVE-2024-3515: Use after free in Dawn
• CVE-2024-3159: Out of bounds memory access in V8

For the complete list of Chromium fixes and improvements in 123.0.6312.124 please visit the product blog posts for the following versions:

• 123.0.6312.124
• 123.0.6312.107
• 123.0.6312.86
• 122.0.6261.112

Quality enhancements

• The print preview is now placed properly in BrowserView when entering the full-screen window mode on macOS.
• In the off-screen rendering mode, the IME candidate window in Avalonia closes when the BrowserView is clicked.
• In the off-screen rendering mode, the Chromium engine no longer crashes on Windows when BrowserView is used with accessibility tools.
• The ArgumentException is no longer thrown from the Avalonia BrowserView when it is not added to the visual tree yet.
• The IEngine.Disposed event is no longer raised twice.
• In the off-screen rendering mode, the combo box drop-down now closes properly when the Avalonia application window is minimized on Linux.

Download DotNetBrowser 2.26.2 (.NET Framework)
Download DotNetBrowser 2.26.2 (.NET Core)
Download DotNetBrowser 2.26.2 (Cross-platform)

Get free 30-day trial