Chromium 86 update resolves critical security issue

chromium_iconGoogle developers have released Chromium 86 to the public. Head over to the “Stable Channel” blog to read more details about this new major version.

And then get the fresh packages for chromium-86.0.4240.75 ! This is an urgent upgrade request, because the new release plugs a critical security hole in the online payments code which gives the attacker full access to your local machine (CVE-2020-15967: Use after free in payments).

Chromium 86 addresses 34 other security issues, none of the others are critical.

The 86 release comes with some nice new features, like:

  • Background Tab Throttling: the tabs that you have open in the background get ‘throttled’ after 5 minutes of inactivity, so that they consume at most 1% of the CPU time.
  • HTTP forms on a HTTPS page: Chromium will warn you if you are about to enter form data over an insecure connection embedded in a secure web page.
  • Quick password check enhancements: in the Settings page for passwords (chrome://settings/passwords) you’ll find a “password check” button which validates your stored passwords against the database of leaked passwords. And now in Chromium 86, it will attempt to automatically open the “password change” page for affected web sites that conform to the  “well-known URL for changing passwords” W3C draft specification which many web sites already adopted after Apple initially introduced the feature.

But also this is useful to know:

  • FTP protocol depreciation: In Chromium 86, support for FTP URLs will be disabled for 1% of users, but you can still re-enable FTP URL support via the “–enable-ftp” commandline parameter to chromium. In Chromium 87, the support for FTP will be disabled for 50% of the active users and Chromium 88 will no longer support FTP links.
    The expectation is that Chromium 88 hits the “stable channel” on January 19th, 2021. Be warned!

Slackware packages for Chromium 86.0.4240.75 are in my package repository as 64bit and 32bit versions for both Slackware 14.2 and -current. See: https://slackware.nl/people/alien/slackbuilds/chromium/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium/)

Enjoy! Eric

15 thoughts on “Chromium 86 update resolves critical security issue




  1. Pingback: Links 9/10/2020: DMEMFS Proposed for Linux, LibreOffice 7.0.2 and GNOME 3.38.1 Released | Techrights



  2. Thanks a lot for the update Eric!

    I’m using Slackware64 14.2 on two machines, and on both of them it seems there are a few problem with both Chrome and Chromium 86.

    – The cursor changes color to black as soon as it enters the browser.
    – on some of the links the cursor turns to the ugly old left-pointing hand pointer rather the normal up-pointing hand pointer.
    – The menu behaves weirdly when opened, specifically, the items don’t highlight when you hover over them, and the interaction with menu doesn’t feel quite what it used to.
    – Changing some the settings caused the browser to crash a few times.

    Since I have this problem with both Chrome and Chromium, it doesn’t seem to be from your package. Still, this has left me, as a Slackware 14.2 user pretty helpless, because the Slackware 14.2’s own Firefox has already missed quite a few important updates, and now the experience with Chrome and Chromium isn’t quite what it used to be.


    1. I am running Slackware 14.2 on a server and I have a 24/7 XFCE graphical session open there.
      I am using Chromium in that XFCE session and do not experience the issues you describe.
      It must be related to a GTK theming incompatibility perhaps? Have you tried creating a fresh new user and look at what happens with Chromium in a default setting? What is the desktop environment you are using, and does the problem persist if you switch (as a test) to a different desktop environment?


      1. Thanks for the quick reply Eric!

        I’m using Slackware’s own KDE 14.4 as my default environment. I rebooted and switched to XFCE4 and the problem persists. By default GTK theme is disabled on my Chromium. I also tried creating a new user, and it didn’t help either. Let me know if you need more information.


        1. Perhaps you are missing a package containing stuff the latest Chrome/Chromium wants to use? I.e. do you have a full Slackware 14.2 installation including all the patches?


          1. Yes, I have a full installation, except for some of localization packages + freetype (which I have recompiled & installed for subpixel hinting) + xf86-video-nouveau. Fortunately but weirdly, it seems no one else has this problem…



  3. Thank you, but I have a problem with version chromium-86.0.4240.75 32-bit slackware 14.2 on Netflix. Fullscreen mode doesn’t work. I downgrade to version Wersja 85.0.4183.102 and now is ok. Could you explain nature of of problem?


    1. I do not run 32bit Slackware 14.2 myself, so I installed Chromium 86.0.4240.75 and the Widevide package in a 32bit Slackware 14.2 virtual machine. I have to disappoint you: I was able to play a Netflix video (Lucifer S05E02) fullscreen without any issue.
      The problem is not with the packages, perhaps it is your graphics driver preventing the full-screen.


    2. I have the issues with full screen mode also. Running 14.2 64 and xfce. I had not experienced this until the latest version.

      My PC is a Lenovo B560.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.