I thank you for the report!
** Changed in: chromium-browser (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2093373
Title:
jQuery < 1.9.0 XSS Vulnerability
Status in chromium-browser package in Ubuntu:
Fix Released
Bug description:
Summary
jQuery is prone to a cross-site scripting (XSS)
vulnerability.
Detection Result
Installed version: 1.7.2
Fixed version: 1.9.0
Installation
path / port:
/snap/chromium/3002/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js
I did a snap refresh chromium on the system and the chromium version is now
at version:
chromium 131.0.6778.264 from Canonical✓ refreshed
and the JQuery file 1.7.2.min.js is still in that directory.
Can you please advise us of how to remove this file as we get a vulnerability
finding every time security runs a scan on the system. There are actually two
directories with old JQuery files
/snap/chromium/3002/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js
/snap/coromium/3019/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js
Version of Ubuntu is 20.04.6 LTS with PRO support enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2093373/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
