My thoughts on Slackware, life and everything

Chromium turns 50 (where’s the cake)

chromium_iconFive days ago, Chromium 50 was announced on the Google Chrome Releases blog. The 64bit package was built soon after, but then I needed my server’s processing power for the new KDE Plasma5 releases that have become available (Frameworks, Plasma) or will soon become available (Applications) and those required an update of the Qt5 package to 5.6.0… timeconsuming to build I can assure you! Especially if the build fails right at the end of 7 hours of compilation and a patch needs to be written…

So reserving time to compile the 32bit package for chromium took a while. And remember, even though I can still provide a 32bit Chromium browser, Google has ceased providing a 32bit version of their own Chrome browser – which means, no more updates to the 32bit PepperFlash and Widevine plugins.

This new release (50.0.2661.75) addresses a couple of security issues – some of these have a CVE number:

  • [$7500][590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
  • [$5000][589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
  • [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP’s Zero Day Initiative.
  • [$1500][589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
  • [$1500][582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
  • [$500][570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
  • [$1000][567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
  • [$500][573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.
  • [602697] CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives.

 

As always, it is strongly advised to upgrade to this new version of Chromium. Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packagess for chromium can be found in the same repository. The 64bit versions of these plugins were both updated with new libraries extracted from the official Google Chrome for Linux.

Have fun! Eric

9 Comments

  1. Jack

    Thank you, great packages!

  2. Eduardo

    Thank you Eric! So far it’s workin OK here.

  3. ikke

    Installed the latest “chromium-50.0.2661.75-x86_64-1alien.txz” in 0.8.0

    Get following error message :

    root@darkstar:/home/live /usr/bin/chromium: line 16: /usr/lib64/chromium/chromium: cannot execute binary file: Exec format error
    /usr/bin/chromium: line 16: /usr/lib64/chromium/chromium: Success

    Anything I can do?

    Thank you

  4. alienbob

    The error “cannot execute binary file: Exec format error” usually means you are trying to run 64bit code on a 32bit OS. Did you per chance download and use the 32bit Slackware Live ISO?

  5. ikke

    Thank you : you are right.

    Should have known. Feeling so stupid …

    Regards

  6. Ahmad

    I highly appreciate binary Chromium packages by Eric. I’ve noticed an issue for the last few releases. When I exit Chromium, the processes keep running in the background. I unchecked one option in the Settings (‘Continue running background apps when Chromium is closed’) but that doesn’t solve the issue. I did find some threads on the Internet but they are without any clear resolution.

  7. alienbob

    Ahmad I have noticed that behaviour here. When I disable “Continue running background apps when Chromium is closed” then after closing Chromium, no remaining chromium processes are seen in “ps ax” output.

  8. Ahmad

    It might not belong here, as it’s a specific issue. I ran ‘chromium-browser’ from the command line and after I close the browser, control doesn’t come back to the terminal. I had to to Ctrl+C. Errors/messages it threw out:
    http://pastebin.com/xmJYhdid

  9. alienbob

    Chrome/chromium by default starts a background process which keeps running if you close the browser window. That is the reason why your command prompt does not return.
    In that case, you should see an icon in your system tray where you can disable the backgroupd process. Or else you can disable this behaviour in the browser settings before closing all windows.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 Alien Pastures

Theme by Anders NorenUp ↑