Chromium 99 critical security fix, upgrade asap

I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient, the vulnerability does not need any interaction to do its work. See CVE-2022-0971.

Get my Chromium packages for version 99.0.4844.74 from my repository or any mirror, and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ or https://us.slackware.nl/people/alien/slackbuilds/chromium/

Links to the un-googled chromium: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

On 32bit Slackware 15.0 and newer, Patrick has updated the profile script as part of a qt5 package upgrade so that Chromium crashes are prevented by automatically disabling the seccomp filter sandbox:

# Unfortunately Chromium and derived projects (including QtWebEngine) seem
# to be suffering some bitrot when it comes to 32-bit support, so we are
# forced to disable the seccomp filter sandbox on 32-bit or else all of these
# applications crash. If anyone has a patch that gets these things running on
# 32-bit without this workaround, please let volkerdi or alienBOB know, or
# post your solution on LQ. Thanks. :-)
if file /bin/cat | grep -wq 32-bit ; then
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
fi

Eric

11 thoughts on “Chromium 99 critical security fix, upgrade asap

  1. Pingback: Links 17/3/2022: Many Security Patches Released | Techrights




    1. Yeah well, I guess I’ll have to find some time to compile. Will take two days for the chrome and chrome-ungoogled packages, so I will do the 64bit packages first. I really doubt that anyone is still using the 32bit package.


      1. Just ‘found’ chromium-ungoogled-99.0.4844.82-x86_64-1alien and chromium-99.0.4844.82-x86_64-1alien in the changelog.
        Downloaded and installed here.
        Thanks alienbob !
        — kjh


        1. I released that version a few days ago and assumed that people would keep an eye on my RSS feed πŸ™‚
          Unfortunately 99.0.4844.82 is still vulnerable to the aforementioned zero-day CVE-2022-1096 and you’ll need my upcoming 99.0.4844.84 package to be safe against that one.


          1. dooh !
            Thanks alienbob πŸ™‚
            Will keep an eye on the ChangeLog.txt File.
            — kjh





Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.