Google released an update for Chrome/Chromium – their version 48 of the browser is now at “48.0.2564.109”. The chromium sources are still not available six days after the announcement, even though the official Chrome binary distributions were available right from the start. I think that this is inexcusable for a big company like Google, but this is not the first time that their autobots falter and no one cares enough to fix the release process, notwithstanding some complaints by fellow application packagers.
So for this release I switched to the “chromium source tarball” git repository https://github.com/zcbenz/chromium-source-tarball/releases to get a tarball and compile some Slackware packages.
This chromium release addresses a couple of security issues with the following CVE numbers:
- [$7500][546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
- [$7500][577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- [$TBD][583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.
- [$1000][509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
- [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP’s Zero Day Initiative.
- [585517] CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives.
Get my chromium packages in one of the usual locations:
- http://slackware.com/~alien/slackbuilds/ (primary server)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/ (my own US mirror)
- http://alien.slackbook.org/slackbuilds/ (US)
- http://slackware.org.uk/people/alien/slackbuilds/ (UK)
The widevine and pepperflash plugin packages for chromium can be found in the same repository.
Have fun! Eric
Google’s been doing this a lot lately. For instance the OSX update to chrome was a week late. Mere oversight that they didn’t upload the correct boundary? I know, never ascribe to malice what’s explained by incompetence.
Er, binary. Autocorrect fail.
In the past didn’t Chromium and the widevine plugin have to have the same version number?
Upon starting Chromium 48.0.2564.97, it told me to run:
sudo chmod -R 1777 /dev/shm
“ls /dev/shm” showed it contains many PulseAudio files. Yet, Chromium didn’t detect any audio devices.
cwizardone, ideally, yes, because it indicates that I extracted the plugin from a Chrome binary of the same version.
Fortunately, the widevine plugin’s internal version has not changed for a long time, so the package in my repository will still work. I will update the widevine package soon-ish.
Eric: Google will stop providing 32-bit executables early March. I had a look at your SlackBuild and I see no *technical* reason to not produce a 32-bit executable. Will you continue to provide 32-bit executables?
Regards, Dick
Hmm, I meant “Google will stop providing 32-bit *Chrome* executables”.
And what about the plugins?
Regards again, Dick
Google has stated that it will stop providing pre-built 32-bit executables, but that the Chromium code can still be compiled as 32-bit code.
So I will still be providing 32-bit chromium packages after March.
Without the 32-bit binary chrome distribution this will of course mean the end of my 32-bit chrome-widevine-plugin and chrome-pepperflash-plugin packages.
The 64-bit plugins will still be shipped with the 64-bit chrome binaries.
Thank you Eric! Upgraded with no problems.