Tag: cve (Page 1 of 21)

Google fixes the 8th zero-day in Chromium in 2023

December 22, 2023 / alienbob / 19 Comments

Chromium 120.0.6099.129 for which the source code was released two days ago repairs a zero-day vulnerability.

Zero-day means that the vulnerability is already actively exploited in the wild. Hopefully the last time this year, but it is already the 8th zero-day which was reported and fixed in Chromium. The new zero-day is labeled CVE-2023-7024.
It’s therefore highly recommended to upgrade your chromium and also ungoogled-chromium packages.

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

Chromium 118 (also ungoogled) is a security update

October 14, 2023 / alienbob / 18 Comments

I uploaded new 64bit packages for Chromium 118.0.5993.70 (also the un-googled variant) for which the sources were released a few days ago. This first release in the 118 series addresses a critical vulnerability (CVE-2023-5218) so it’s wise to upgrade.
As mentioned in a previous blog post, future 32bit package updates will have a lower frequency: one update per month. Google has increased the frequency of its Chromium releases dramatically (one per week) and I just cannot keep up. If you need that 32bit package badly now, you can of course grab the sources and my SlackBuild and build it yourself.

Looking at this 118 major release, one thing you need to be aware of is the changed behavior of “Enhanced Safe Browsing” which you can enable in the browser’s security settings (chrome://settings/security). Probably most of you already have this enabled. This is what changed:

Google will be able to disable an installed browser extension remotely if it determines the extension is labeled as ‘malicious’ and the extension was not installed via the Chrome Web Store.
The browser’s security checks of downloaded online content have been enhanced with so-called ‘deep scanning’ meaning the browser may now ask you for a password to open a protected archive you just downloaded. Note that the scanning occurs in Google’s datacenter – when you enable ‘enhanced safe browsing’ you consent to uploading some of your data to Google for the specific purpose of scanning and analyzing it for malicious content.
Also with ‘enhanced safe browsing’ enabled, the browser will send telemetry data about installed browser extensions using the chrome.tabs API to Google’s servers for analysis. This is meant to improve the “detection of malicious and policy violating extensions”.

It is up to you to decide which way the tradeoff between enhanced security and sharing data with Google works for you. If you don’t feel comfortable with this and you value your privacy, then you need to disable (or not enable) ‘Enhanced Safe Browsing’ in the settings.

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

Chromium package and release update

October 6, 2023 / alienbob / 4 Comments

You have surely noticed an increase in the frequency with which I am releasing new chromium and chromium-ungoogled packages. This is caused by a new release policy from Google, with an update every week and a bump in the major version (currently 117) every month.
I have tried keeping up with that schedule, but I am giving up.
My reasons? One chromium or chromium-ungoogled package takes 11+ hours to compile (part of the Chromium compilation involves compiling Google’s customized clang compiler). Every update, I need to compile 4 packages. It takes away the fun in updating them to be honest. I don’t know for whom I actually create the 32bit packages still.

So, from this moment onwards, my own package release policy changes as follows. I will keep up with the Google source release cycle, but only for the 64bit packages. My 32bit packages for chromium and chromium-ungoogled will be updated no more than once per month, unless there’s a big security hole to be patched.

By the way, I uploaded new chromium packages for 117.0.5938.149 yesterday and today I added its chromium-ungoogled sibling (64bit only).

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

Chromium 117.0.5938.132 fixes zero-day exploit

September 29, 2023 / alienbob / 6 Comments

Just yesterday I uploaded my packages for chromium and chromium-ungoogled to 117.0.5938.92. Only to discover right before heading to bed that there’s a new security update available… Chromium 117.0.5938.132 fixes a zero-day vulnerability in libvpx (CVE-2023-5217) which is already actively exploited to install spyware on computers.

The chromium packages for 117.0.5938.132 are already available in my repository. The chromium-ungoogled packages are currently compiling and will become available in the evening (CET timezone) i.e. later today.
It’s highly recommended to upgrade to my latest chromium and chromium-ungoogled packages.

Find the updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

Chromium 114.0.5735.133 packages address critical bug

June 17, 2023 / alienbob / 27 Comments

Chromium, regular and un-googled.

Earlier this week, Google released its 114.0.5735.133 update for Chromium 114.
This is a bugfix release and on the list of addressed security issues, there’s one which is labeled as ‘critical‘, labeled CVE-2023-3214. Three other fixes are labeled with a vulnerability rating of ‘high‘.
As always, it is wise to upgrade to my latest chromium and chromium-ungoogled packages.

The updated Slackware 15.0 and -current packages both for chromium and chromium-ungoogled are available in my repository and its mirrors (like my own US server and in a short while, the UK mirror).

Cheers, Eric

April 2024
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Fri, 19 Apr 2024 19:34:45 GMT April 19, 2024
15.0/aaa_glibc-solibs-2.33_multilib-x86_64-6alien.txz: Rebuilt. 15.0/glibc-2.33_multilib-x86_64-6alien.txz: Rebuilt. Addresses CVE-2024-2961 (* Security fix *) 15.0/glibc-i18n-2.33_multilib-x86_64-6alien.txz: Rebuilt. 15.0/glibc-profile-2.33_multilib-x86_64-6alien.txz: Rebuilt. 15.0/slackware64-compat32: Refreshed the *compat32 packages. current/aaa_glibc-solibs-2.39_multilib-x86_64-2alien.txz: Rebuilt. current/glibc-2.39_multilib-x86_64-2alien.txz: Rebuilt. Addresses CVE-2024-2961 (* Security fix *) current/glibc-i18n-2.39_multilib-x86_64-2alien.txz: Rebuilt. current/glibc-profile-2.39_multilib-x86_64-2alien.txz: Rebuilt. current/slackware64-compat32: Refreshed the *compat32 packages.
Mon, 1 Apr 2024 15:52:53 GMT April 1, 2024
current/compat32-tools: added l/duktape and n/nss-mdns to massconvert32.sh. current/slackware64-compat32: Refreshed the *compat32 packages.

SlackBuilds.org changes for Sat, 20 Apr 2024 14:15:42 GMT
academic/cadabra2: Updated for version 2.4.5.6. academic/kissat: Added (SAT solver). academic/lammps: Remove doinst.sh. academic/lammps: Updated for version 2023.08.02_update3. academic/rpy2: Upgrade to version 3.5.16 academic/x48: Fixed MD5SUM. audio/amSynth: Updated for version 1.13.3. audio/bitwig-studio: Updated to 5.1.7 audio/kanola: Removed (Upstream is gone). audio/mpdscribble: Switch to meson. desktop/Tela-icon-theme: Updated for version 2024_04_19. desktop/ansiweather: Added (Weather in terminal). desktop/jwm: Updated […]

Tag: cve (Page 1 of 21)

Google fixes the 8th zero-day in Chromium in 2023

Chromium 118 (also ungoogled) is a security update

Chromium package and release update

Chromium 117.0.5938.132 fixes zero-day exploit

Chromium 114.0.5735.133 packages address critical bug

About this blog

Sponsoring

Categories

Subscribe to Blog via Email

My Favourites

Online me

Slackware

Calendar

slackbuilds

multilib

Slackware64-current

SBo

Meta

Top Posts & Pages

Recent posts

Recent comments