Posted on August 5, 2024
DotNetBrowser 2.27.3
Chromium upgraded to 127.0.6533.73
We upgraded Chromium to a newer version, which introduces multiple security fixes that prevent a remote attacker from executing arbitrary code via a crafted HTML page, including:
- CVE-2024-6100: Type Confusion in V8
- CVE-2024-6290: Use after free in Dawn
- CVE-2024-6779: Out of bounds memory access in V8
For the complete list of Chromium fixes and improvements in DotNetBrowser 2.27.3 please visit the product blog posts for the following versions:
Native keyboard input
In the off-screen rendering mode, any key pressed by a user travels a long way before it reaches the web page. An operating system dispatches the keyboard event to the UI framework, which passes it to DotNetBrowser, which forwards it to Chromium, which delivers it to the web page.
At every stage of this journey, the keyboard event is converted from one data structure to another. And since different keyboard subsystems and their data structures don’t match exactly, the data from the event may be lost or misinterpreted. That means a keyboard interaction in DotNetBrowser may produce a different JavaScript event than the same interaction in Chromium.
In DotNetBrowser 2.27.3, we introduce an experimental feature that directly forwards keyboard events from the operating system to Chromium. This way, the JavaScript events generated in DotNetBrowser should always match those in Chromium.
To activate the feature, use the following code:
IEngine engine = EngineFactory.Create(new EngineOptions.Builder
{
NativeKeyboardInputEnabled = true
}.Build());
Quality enhancements
- The keyboard input works properly on macOS with the recent Avalonia versions.
- The focus behavior is improved for WPF embedding.
Download DotNetBrowser 2.27.3 (.NET Framework)
Download DotNetBrowser 2.27.3 (.NET Core)
Download DotNetBrowser 2.27.3 (Cross-platform)
Follow @DotNetBrowser to get notified of the library updates.
Subscribe to our RSS feed to get instant updates on new releases.