Alien Pastures

My thoughts on Slackware, life and everything

Chromium 99 critical security fix, upgrade asap

March 17, 2022 / / 11 Comments

I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient, the vulnerability does not need any interaction to do its work. See CVE-2022-0971.

Get my Chromium packages for version 99.0.4844.74 from my repository or any mirror, and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ or https://us.slackware.nl/people/alien/slackbuilds/chromium/

Links to the un-googled chromium: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

On 32bit Slackware 15.0 and newer, Patrick has updated the profile script as part of a qt5 package upgrade so that Chromium crashes are prevented by automatically disabling the seccomp filter sandbox:

# Unfortunately Chromium and derived projects (including QtWebEngine) seem
# to be suffering some bitrot when it comes to 32-bit support, so we are
# forced to disable the seccomp filter sandbox on 32-bit or else all of these
# applications crash. If anyone has a patch that gets these things running on
# 32-bit without this workaround, please let volkerdi or alienBOB know, or
# post your solution on LQ. Thanks. :-)
if file /bin/cat | grep -wq 32-bit ; then
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
fi

Eric

Software

10 Comments

  1. Konrad J Hambrick

    Thanks as always, Eric
    — kjh

    Reply
  2. gegechris99

    Thanks Eric for quick update of chromium-ungoogled.

    Reply
    • alienbob (Post author)

      Yeah well, I guess I’ll have to find some time to compile. Will take two days for the chrome and chrome-ungoogled packages, so I will do the 64bit packages first. I really doubt that anyone is still using the 32bit package.

      Reply
      • Konrad J Hambrick

        Just ‘found’ chromium-ungoogled-99.0.4844.82-x86_64-1alien and chromium-99.0.4844.82-x86_64-1alien in the changelog.
        Downloaded and installed here.
        Thanks alienbob !
        — kjh

        Reply
        • alienbob (Post author)

          I released that version a few days ago and assumed that people would keep an eye on my RSS feed πŸ™‚
          Unfortunately 99.0.4844.82 is still vulnerable to the aforementioned zero-day CVE-2022-1096 and you’ll need my upcoming 99.0.4844.84 package to be safe against that one.

          Reply
          • Konrad J Hambrick

            dooh !
            Thanks alienbob πŸ™‚
            Will keep an eye on the ChangeLog.txt File.
            — kjh

            Reply
          • alienbob (Post author)

            The 64bit packages for chromium and chromium-ungoogled, version 99.0.4844.84, are now online.

            Reply
  4. Konrad J Hambrick

    Thanks again, alienbob !
    upgradepkg’d on my system

    Reply
  5. Marco

    Thank you Eric!

    Reply

1 Pingback

  1. Links 17/3/2022: Many Security Patches Released | Techrights

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 Alien Pastures

Theme by Anders NorenUp ↑