Daily Archives: October 8, 2020

Chromium 86 update resolves critical security issue

chromium_iconGoogle developers have released Chromium 86 to the public. Head over to the “Stable Channel” blog to read more details about this new major version.

And then get the fresh packages for chromium-86.0.4240.75 ! This is an urgent upgrade request, because the new release plugs a critical security hole in the online payments code which gives the attacker full access to your local machine (CVE-2020-15967: Use after free in payments).

Chromium 86 addresses 34 other security issues, none of the others are critical.

The 86 release comes with some nice new features, like:

  • Background Tab Throttling: the tabs that you have open in the background get ‘throttled’ after 5 minutes of inactivity, so that they consume at most 1% of the CPU time.
  • HTTP forms on a HTTPS page: Chromium will warn you if you are about to enter form data over an insecure connection embedded in a secure web page.
  • Quick password check enhancements: in the Settings page for passwords (chrome://settings/passwords) you’ll find a “password check” button which validates your stored passwords against the database of leaked passwords. And now in Chromium 86, it will attempt to automatically open the “password change” page for affected web sites that conform to the  “well-known URL for changing passwords” W3C draft specification which many web sites already adopted after Apple initially introduced the feature.

But also this is useful to know:

  • FTP protocol depreciation: In Chromium 86, support for FTP URLs will be disabled for 1% of users, but you can still re-enable FTP URL support via the “–enable-ftp” commandline parameter to chromium. In Chromium 87, the support for FTP will be disabled for 50% of the active users and Chromium 88 will no longer support FTP links.
    The expectation is that Chromium 88 hits the “stable channel” on January 19th, 2021. Be warned!

Slackware packages for Chromium 86.0.4240.75 are in my package repository as 64bit and 32bit versions for both Slackware 14.2 and -current. See: https://slackware.nl/people/alien/slackbuilds/chromium/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium/)

Enjoy! Eric