Security issues

Forrest H

unread,

Jul 9, 2023, 10:45:30 AM7/9/23

to Chromium-discuss

Hello,

When I built chromium under Windows OS, I encountered two security issues:

First, security software identified the following file as a security risk:

src/third_party/freetype-testing/src/fuzzing/corpora/truetype-render/oss-fuzz/CVE-2020-15999.ttf

I had to exclude it to get around it.

Second, security software blocked the fresh built chromium's udp calls at port 53. Because of the udp calls, the browser was characterized as untrustworthy and its network access was blocked.

Can the second issue be resolved without touching local security settings?

Thank you for your response,

Forrest

PhistucK

unread,

Jul 9, 2023, 12:58:52 PM7/9/23

to czfor...@gmail.com, Chromium-discuss

Port 53 via UDP (or TCP) is for communicating with the DNS server, which is generally required for web browsing. It should fall back to TCP if it is blocked, though.

Probably relevant -

https://lists.dns-oarc.net/pipermail/dns-operations/2023-March/021979.html

https://chromium.googlesource.com/chromium/src/+/main/net/dns/README.md?pli=1#:~:text=heuristically%20detects%20IPv4%2Donly%20networks%20by%20attempting%20a%20UDP%20connection%20to

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

Forrest H

unread,

Jul 9, 2023, 4:59:29 PM7/9/23

to Chromium-discuss, PhistucK, Chromium-discuss

PhistucK,

Thank you for the info.

Forrest

Reply all

Reply to author

Forward