My thoughts on Slackware, life and everything

Chromium 86 update resolves critical security issue

chromium_iconGoogle developers have released Chromium 86 to the public. Head over to the “Stable Channel” blog to read more details about this new major version.

And then get the fresh packages for chromium-86.0.4240.75 ! This is an urgent upgrade request, because the new release plugs a critical security hole in the online payments code which gives the attacker full access to your local machine (CVE-2020-15967: Use after free in payments).

Chromium 86 addresses 34 other security issues, none of the others are critical.

The 86 release comes with some nice new features, like:

  • Background Tab Throttling: the tabs that you have open in the background get ‘throttled’ after 5 minutes of inactivity, so that they consume at most 1% of the CPU time.
  • HTTP forms on a HTTPS page: Chromium will warn you if you are about to enter form data over an insecure connection embedded in a secure web page.
  • Quick password check enhancements: in the Settings page for passwords (chrome://settings/passwords) you’ll find a “password check” button which validates your stored passwords against the database of leaked passwords. And now in Chromium 86, it will attempt to automatically open the “password change” page for affected web sites that conform to the  “well-known URL for changing passwords” W3C draft specification which many web sites already adopted after Apple initially introduced the feature.

But also this is useful to know:

  • FTP protocol depreciation: In Chromium 86, support for FTP URLs will be disabled for 1% of users, but you can still re-enable FTP URL support via the “–enable-ftp” commandline parameter to chromium. In Chromium 87, the support for FTP will be disabled for 50% of the active users and Chromium 88 will no longer support FTP links.
    The expectation is that Chromium 88 hits the “stable channel” on January 19th, 2021. Be warned!

Slackware packages for Chromium 86.0.4240.75 are in my package repository as 64bit and 32bit versions for both Slackware 14.2 and -current. See: https://slackware.nl/people/alien/slackbuilds/chromium/ (rsync://slackware.nl/mirrors/people/alien/slackbuilds/chromium/)

Enjoy! Eric

16 Comments

  1. gauchao

    Thank you very much, Eric.

  2. David Hunt

    Thank you. If I hadn’t subscribed to your email updates, I’d be unaware. Upgrading now.

  3. Darren Drapkin

    Thank goodness I stil have some dedicated ftp clients for those big/tedious downloads

  4. Eduardo

    Thank you Eric! So far no problems, works very well.

  5. TheTKS

    Thanks again, Eric, for both the update and the background information. Working perfectly on my Slackware64 14.2.

    TKS

  6. MeH

    Thanks a lot for the update Eric!

    I’m using Slackware64 14.2 on two machines, and on both of them it seems there are a few problem with both Chrome and Chromium 86.

    – The cursor changes color to black as soon as it enters the browser.
    – on some of the links the cursor turns to the ugly old left-pointing hand pointer rather the normal up-pointing hand pointer.
    – The menu behaves weirdly when opened, specifically, the items don’t highlight when you hover over them, and the interaction with menu doesn’t feel quite what it used to.
    – Changing some the settings caused the browser to crash a few times.

    Since I have this problem with both Chrome and Chromium, it doesn’t seem to be from your package. Still, this has left me, as a Slackware 14.2 user pretty helpless, because the Slackware 14.2’s own Firefox has already missed quite a few important updates, and now the experience with Chrome and Chromium isn’t quite what it used to be.

    • alienbob

      I am running Slackware 14.2 on a server and I have a 24/7 XFCE graphical session open there.
      I am using Chromium in that XFCE session and do not experience the issues you describe.
      It must be related to a GTK theming incompatibility perhaps? Have you tried creating a fresh new user and look at what happens with Chromium in a default setting? What is the desktop environment you are using, and does the problem persist if you switch (as a test) to a different desktop environment?

      • MeH

        Thanks for the quick reply Eric!

        I’m using Slackware’s own KDE 14.4 as my default environment. I rebooted and switched to XFCE4 and the problem persists. By default GTK theme is disabled on my Chromium. I also tried creating a new user, and it didn’t help either. Let me know if you need more information.

        • alienbob

          Perhaps you are missing a package containing stuff the latest Chrome/Chromium wants to use? I.e. do you have a full Slackware 14.2 installation including all the patches?

          • MeH

            Yes, I have a full installation, except for some of localization packages + freetype (which I have recompiled & installed for subpixel hinting) + xf86-video-nouveau. Fortunately but weirdly, it seems no one else has this problem…

          • MeH

            Also I never had this problem before updating to Chromium 86.

    • Andrew

      I have similar problems since 86.0.4240.75
      – No highlights on menu entries
      – Full screen videos don’t work, all video works fine and smoothly until I click on full screen. I googled it a lot and tried some solution from other distros but none of them worked for me.

      I have a full install of Slackware 14.2 with XFCE.

  7. Azirek

    Thank you, but I have a problem with version chromium-86.0.4240.75 32-bit slackware 14.2 on Netflix. Fullscreen mode doesn’t work. I downgrade to version Wersja 85.0.4183.102 and now is ok. Could you explain nature of of problem?

    • alienbob

      I do not run 32bit Slackware 14.2 myself, so I installed Chromium 86.0.4240.75 and the Widevide package in a 32bit Slackware 14.2 virtual machine. I have to disappoint you: I was able to play a Netflix video (Lucifer S05E02) fullscreen without any issue.
      The problem is not with the packages, perhaps it is your graphics driver preventing the full-screen.

    • Thomas Angle

      I have the issues with full screen mode also. Running 14.2 64 and xfce. I had not experienced this until the latest version.

      My PC is a Lenovo B560.

  8. alienbob

    Again, I can not reproduce any of this, not in a 32bit virtual machine with Slackware 14.2/XFCE, nor on my server running Slackware64 14.2 and XFCE.
    Since this seems to happen both with Google’s own Chrome binaries and with my Chromium Slackware-compiled package, it may help you more to post this on the Google bug tracker, or even discuss it on the Slackware forum of linuxquestions.org.

Leave a Reply to Eduardo Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 Alien Pastures

Theme by Anders NorenUp ↑