Embedded Chromium Browser Security Issue. Impacts Versions up to 2025.4.2. Impact: None #2
Closed
ReedCopsey announced in Security Alert
Replies: 3 comments
Note: C Tech has updated the version of Chromium used. The next release of EVS (all after 2025.4.2) will no longer include a version of Chromium with this vulnerability.
See #9 for fix
Fixed in v2025.5.
C Tech is aware that the version of Chromium (embedded web browser) used in EVS, in all versions up to 2025.4.2, has a known security issue.
Details of the issue:
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Note that this is only an issue when using the included Chromium web browser to view a malicious file. EVS uses the Chromium web engine, but all content rendered is created by and controlled within the EVS environment.
There is no known mechanism for triggering this exploit within Earth Volumetric Studio. We are listing this for transparency purposes, but the impact on users is a non-issue as it is not exploitable when using EVS.