My thoughts on Slackware, life and everything

Tag: cve (Page 4 of 21)

Chromium 103 (regular and ungoogled) available as Slackware package

Apologies for the delay, I was out of town, but i have finally uploaded my new chromium 103 packages for Slackware 14.2 and newer. Their un-googled siblings are also available. Thanks as always to Eloston and his friends for updating the patch-set for ungoogled-chromium.
Last week saw a Google Chromium update which addresses a series of vulnerabilities, which is nothing new of course, but in particular one security hole that has now been patched would allow remote attackers to take control of your computer and execute arbitrary code. See CVE-2022-2156. An update of your installed browser package seems in order.

You can find the Chromium packages (version 103.0.5060.53) at the usual places: my own repositories of course (or any mirror):

Links to the un-googled chromium:

As stated at the beginning of the article: these packages work on Slackware 14.2 and newer. You can download 32bit as well as 64bit variants.

Enjoy! Eric

Chromium 102 (regular and ungoogled) for 64bit Slackware

Google has released the sources for Chromium 102.0.5005.61. The release notes mention 32 security fixes. One of those (CVE-2022-1853) is listed as ‘critical’ and supposedly an attacker can craft a website in such a way that if you visit that URL, the attacker can compromise or take over your local computer. No clicking required.

And again it proves to be quite hard to compile 32bit packages for the new Chromium.
The Google developers create new hurdles almost every major release in their ‘assumption’ that there is no 32bit Linux out there that they should support. I am still working out what I need to fix/patch.

Therefore you can only get 64bit chromium packages here (NL mirror) or here (US mirror). Likewise the chromium-ungoogled packages (64bit only) are found here (NL mirror) or here (US mirror).

Cheers, Eric

Chromium 100 out-of-band security update addresses (again) a single vulnerability

I have uploaded new chromium 100 packages for Slackware. The chromium-ungoogled 100 packages are currently being built and will follow shortly.
What’s with all these updates that follow rapidly on each others’ heels? Just like the recent Chromium 99 security update which addressed a single critical vulnerability, last monday Google announced on their official blog the immediate availability of Chromium 100.0.4896.75. This hotfix release plugs a single hole which Google deemed serious enough to warrant the update. See CVE-2022-1232. The difference with last week is that no known exploit of this vulnerability is reported yet.
Still, it’s highly recommended that you upgrade ASAP.

My Chromium 100.0.4896.75 packages can be downloaded from my own repository (or any mirror that has synced up), for instance:

Once I have finished compiling the un-googled version of chromium and uploaded the packages, I will mention it in the comments section below and you can download them from: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

Until I get tired of compiling for Slackware 14.2 (aka once I have migrated my last server to 15.0) these packages will work on Slackware 14.2 and newer. I provide 32bit as well as 64bit variants.

Eric

Chromium 100 available

The Chromium version has reached a triple-digit number: I have uploaded new packages for Chromium 100 (Slackware 14.2 and newer, 32bit as well as 64bit). Specifically it is the release 100.0.4896.60 which was announced a few days ago. It fixes a number of vulnerabilities with the criticality label “high” which usually means it can crash your browser but not compromise your computer.

Google currently maintains a release schedule for Chromium where a new major version (98, 99, 100, …) is made available every month. This means that new features are not added with a big bang after being beta-tested for months, but the browser’s feature list will evolve over time.

For instance, this 100 release will be the last release where your UserAgent string mentions details about your OS; now it is still “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36“.

A return to Chromium 100 of a lost feature, is the ability to use the audio indicator in a browser tab to directly mute that tab. When website plays audio in a tab, the tab strip will mention that “audio is playing” when you hover your mouse over it, and it shows a speaker icon. Now, when you explicitly enable it with the flag “chrome://flags/#enable-tab-audio-muting” you can click that speaker icon to mute  the sound immediately instead of having to right-click first and then select “mute this site”.

Get chromium packages here (NL mirror) or here (US mirror). The chromium-ungoogled packages are still waiting for the source code to be released. I expect that to happen any time and then I’ll build and upload those packages too.

Enjoy the weekend, Eric

Chromium 99 critical security fix, upgrade asap

I have uploaded new chromium 99 packages for Slackware. The chromium-ungoogled 99 packages are currently being built and will follow shortly.
These new packages were triggered by a recent Google Chromium update which mentions a fix for a security hole which allows remote attackers to take control of your computer. Opening a malicious advertisement or web page is already sufficient, the vulnerability does not need any interaction to do its work. See CVE-2022-0971.

Get my Chromium packages for version 99.0.4844.74 from my repository or any mirror, and upgrade to these as soon as you can: https://slackware.nl/people/alien/slackbuilds/chromium/ or https://us.slackware.nl/people/alien/slackbuilds/chromium/

Links to the un-googled chromium: https://slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ or https://us.slackware.nl/people/alien/slackbuilds/chromium-ungoogled/ .

These packages work on Slackware 14.2 and newer, 32bit as well as 64bit variants still of course.

On 32bit Slackware 15.0 and newer, Patrick has updated the profile script as part of a qt5 package upgrade so that Chromium crashes are prevented by automatically disabling the seccomp filter sandbox:

# Unfortunately Chromium and derived projects (including QtWebEngine) seem
# to be suffering some bitrot when it comes to 32-bit support, so we are
# forced to disable the seccomp filter sandbox on 32-bit or else all of these
# applications crash. If anyone has a patch that gets these things running on
# 32-bit without this workaround, please let volkerdi or alienBOB know, or
# post your solution on LQ. Thanks. :-)
if file /bin/cat | grep -wq 32-bit ; then
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
fi

Eric

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑