I am Eric Hameleers, and this is where I think out loud.

Security update for Chromium 48

Google released an update for Chrome/Chromium – their version 48 of the browser is now at “48.0.2564.109”. The chromium sources are still not available six days after the announcement, even though the official Chrome binary distributions were available right from the start. I think that this is inexcusable for a big company like Google, but this is not the first time that their autobots falter and no one cares enough to fix the release process. Notwithstanding some complaints by fellow application packagers.

So for this release I switched to the “chromium source tarball” git repository https://github.com/zcbenz/chromium-source-tarball/releases to get a tarball and compile some Slackware packages.

This chromium release addresses a couple of security issues with the following CVE numbers:

  • [$7500][546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
  • [$7500][577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [$TBD][583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.
  • [$1000][509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
  • [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.
  • [585517] CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives.

Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packages for chromium can be found in the same repository.

Have fun! Eric

Comments

Comment from Jen
Posted: February 15, 2016 at 01:01

Google’s been doing this a lot lately. For instance the OSX update to chrome was a week late. Mere oversight that they didn’t upload the correct boundary? I know, never ascribe to malice what’s explained by incompetence.

Comment from Jen
Posted: February 15, 2016 at 01:01

Er, binary. Autocorrect fail.

Comment from cwizardone
Posted: February 15, 2016 at 03:24

In the past didn’t Chromium and the widevine plugin have to have the same version number?

Comment from Geremia
Posted: February 15, 2016 at 03:59

Upon starting Chromium 48.0.2564.97, it told me to run:

sudo chmod -R 1777 /dev/shm

“ls /dev/shm” showed that it contains many PulseAudio files. Yet, Chromium didn’t detect any audio devices.

Comment from alienbob
Posted: February 15, 2016 at 10:34

cwizardone, ideally, yes, because it indicates that I extracted the plugin from a Chrome binary of the same version.
Fortunately, the widevine plugin’s internal version has not changed for a long time, so the package in my repository will still work. I will update the widevine package soon-ish.

Comment from D.L.C. Burggraaff
Posted: February 19, 2016 at 11:52

Eric: Google will stop providing 32-bit executables early March. I had a look at your SlackBuild and I see no *technical* reason to not produce a 32-bit executable. Will you continue to provide 32-bit executables?
Regards, Dick

Comment from D.L.C. Burggraaff
Posted: February 19, 2016 at 11:54

Hmm, I meant “Google will stop providing 32-bit *Chrome* executables”.

Comment from D.L.C. Burggraaff
Posted: February 19, 2016 at 13:13

And what about the plugins?
Regards again, Dick

Comment from alienbob
Posted: February 19, 2016 at 14:02

Google has stated that it will stop providing pre-built 32-bit executables, but that the Chromium code can still be compiled as 32-bit code.
So I will still be providing 32-bit chromium packages after March.
Without the 32-bit binary chrome distribution this will of course mean the end of my 32-bit chrome-widevine-plugin and chrome-pepperflash-plugin packages.
The 64-bit plugins will still be shipped with the 64-bit chrome binaries.

Comment from Eduardo
Posted: February 22, 2016 at 14:16

Thank you Eric! Upgraded with no problems.
