chromium vulnerability to various CVEs

Forum Forums General Software chromium vulnerability to various CVEs

  • This topic has 8 replies, 4 voices, and was last updated Sep 25-10:32 am by ModdIt.
Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #67836
    Member
    calciumsodium

    The current chromium versions in buster and bullseye have vulnerabilities to various CVEs.

    Please see this announcement from https://wiki.debian.org/Chromium:
    As of 2021-09-20 19:19:07, Debian's Chromium package in buster, bullseye and bookworm repository remains vulnerable to numerous CVEs as outlined in the Chromium Security Tracker. Consider using an alternative browser like Firefox.

    #67838
    Forum Admin
    anticapitalista
    Helpful
    Up
    0

    I’m sure Debian will fix them soon, they usually do.

    Philosophers have interpreted the world in many ways; the point is to change it.

    antiX with runit - leaner and meaner.

    #67839
    Member
    calciumsodium
    Helpful
    Up
    0

    I have been checking for a while. The current version of chromium on both buster and bullseye in Debian is still at version 90.x

    Debian has not been updating chromium for a good while.

    If one checks the versions of google-chrome-stable and microsoft-edge-dev, all based on chromium, they are at version 94.x

    So Debian is really behind for a while. Previous to version 94.x was version 92.x. Even Debian has not gotten to version 92.x

    • This reply was modified 3 weeks ago by calciumsodium.
    #67841
    Forum Admin
    anticapitalista
    Helpful
    Up
    0

    Debian sid has 93.0.4577.82-1

    Philosophers have interpreted the world in many ways; the point is to change it.

    antiX with runit - leaner and meaner.

    #67842
    Member
    calciumsodium
    Helpful
    Up
    0

    For what it is worth, I wanted to find a way to install a chromium-based browser that would have the latest (or close to it) chromium.

    I hope the following is useful:

    1. google-chrome-stable:

    Go to
    https://www.google.com/chrome/
    and download the latest google-chrome-stable .deb file. Install it using sudo apt install <.deb>. The .deb file also installs the google chrome repository in addition to the google-chrome-stable binary. So updating is simply a matter of sudo apt update && sudo apt install google-chrome-stable. Google updates the latest google-chrome-stable binary very often, just like what they do in the Windows version.

    2. microsoft-edge-dev:

    Go to
    https://www.microsoftedgeinsider.com/en-us/download?platform=linux-deb
    and download the latest microsoft-edge-dev .deb file under the Dev channel. Install it using sudo apt install <.deb>. The .deb file also installs the microsoft-edge-dev repository in addition to the microsoft-edge-dev binary. So updating is simply a matter of sudo apt update && sudo apt install microsoft-edge-dev. Microsoft updates the latest Edge binary very often, just like what they do in the Windows version.

    You will find that these versions are very recent, a lot recent than the chromium versions on Debian.

    Hope this helps.

    • This reply was modified 3 weeks ago by calciumsodium.
    #67844
    Forum Admin
    anticapitalista
    Helpful
    Up
    0

    For chrome, users can find it in the package-installer and it will do its magic.

    Philosophers have interpreted the world in many ways; the point is to change it.

    antiX with runit - leaner and meaner.

    #67875
    Moderator
    ModdIt
    Helpful
    Up
    0

    Maybe the guy who found the CSV annoyed some agencys, one line of code to open the door.
    Bug is claimed fixed from Version 94 on.

    Vulnerable sites included Facebook, WellsFargo, Gmail , Zoom, Tiktok, Instagram, WhatsApp, Investopedia, ESPN, Roblox,
    Indeed, Blogger, Quora and more.

    Just another example of why it is better to block execution of java script whenever possible.

    #67877
    Member
    watsoccurring
    Helpful
    Up
    0

    For what it is worth there is an interesting comment about Chrome on Mental Outlaw’s(Alpha Nerd) channel on Odysee.com.

    #67878
    Moderator
    ModdIt
    Helpful
    Up
    0

    @watsoccurring,
    thanks for pointer, might help some of my users to understand more of what I tell them
    with regard to their search god googli and other, mostly US companys.

    China spies on citizens.

    US agencys and US Companys Spy on users over the whole world.

    I do use ungoogled chromium at times.
    OT: On a phone blocking google playstore gives a massive increase in battery time.
    Better still, thanks to trump a non google Huawei Honor is my present phone, more than 4 days
    battery on a powerful smartphone.

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.