[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Chromium Browser for Kicksecure Discussions (not Whonix)

It isn’t an issue. You are doing it wrong. They are both verifiably the exact same. I even showed you the contents of the desktop file to prove that.

Yes, how many times do I need to say this?

AFAIK --force-webrtc-ip-handling-policy can be used as a command line argument to configure the policy.

https://peter.sh/experiments/chromium-command-line-switches/#force-webrtc-ip-handling-policy

What you said is wrong.

The 3 choices to grab the latest non-ESR FF are:

  1. Flatpak
  2. Apt pinning + install from Debian Sid
  3. Manually installing the tarball from the official FF site. (Alternatively forking/re-pruposing Tor Browser downloader to fetch and verify the code).

Given that there is no upstream support for updated Chromium releases for Linux and that Debian will always lag behind because they are stretched too thin, I think having the freshest FF is better in this case and less likely for the user to be running code with 100< gaping holes known for 6+ months.

They do have a default browser installed.

Chromium is more like a browser toolkit. Something Google can use as a base to maintain proprietary Chrome or third parties can use to create browser forks. But it’s not a “standalone browser project”. What I mean by that, it’s not maintained as per convention, as other Open Source browsers are maintained, i.e. stable releases and binary builds available for public download. The “real browser project” is Chrome, but it’s proprietary.

And since no other third party fills this void either…

… Chromium by itself unfortunately isn’t a suitable option.

1 Like

Chromium is a fully fledged browser. Chrome == Chromium with very few unimportant changes: https://chromium.googlesource.com/chromium/src/+/refs/heads/master/docs/chromium_browser_vs_google_chrome.md

They just leave packaging to the distro.

…which results in total failure. (Due to lack of stable releases?) Hence…

Debian version of Chromium reported to be exploited in the wild.

Patch Google Chrome with the latest updates – if you don’t, you’re vulnerable to a zero-day that is actively being exploited, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned.

Criminals are targeting users of Chrome with outdated installations, CISA said in an advisory note urging folk to update their browsers immediately.

“Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux addressing multiple vulnerabilities, including vulnerability CVE-2020-16009. Exploit code for this vulnerability exists in the wild,” said the agency in a statement.

Debian affected by CVE-2020-16009 at time of writing, see:

https://web.archive.org/web/20201109070427/https://security-tracker.debian.org/tracker/CVE-2020-16009

3 Likes

Now discussed on debian-security mailing list:

Is chromium updated?


Might be an option. Last resort. Not nice to have two updating systems. Already confusing in Whonix to have upgrades from Debian and separately for Tor Browser.

I guess not sustainable due to dependency hell (FrankenDebian).

Also an option but flatpak probably better.


Linux Mint Debian Edition (LMDE)

https://en.wikipedia.org/wiki/Linux_Mint#LMDE

LMDE 4 (a.k.a. Debbie) is based on Debian Buster (version 10),

Would downloading the chromium package from LMDE and uploading to Kicksecure repository be an option?

Are LMDE packages (supposed to be) compatible with Debian?

LMDE has a newer version of chromium:
https://community.linuxmint.com/software/view/chromium

  • Chrome: 86.0.4240.183
  • LMDE: 86.0.4240.198~linuxmint1+ulyana

Frankly their security process is inferior to Debian and I wouldn’t import anything from that distro.

Yes though Debian Testing

Please elaborate.

Still Debian testing?

Their infrastructure was hacked and had a link to backdoored versions - while that won’t affect end to end signed packages it doesn’t inspire confidence. Also they do not have a security team nor do they assign CVEs to affected software like Debian does also they don’t have the resources to implement reproducibly built packages like Debian does so any Mint specific packages will be a risk in the future.

They used to have a frankenDebian thing going on, but it changed in recent versions. However they are way behind on releasing versions that track Debian stable. For example LMDE 4 was only just released a few months ago this year, Depending on anything from LMDE means running something compatible with old-stable for a very long time which might introduce dependency hell.

1 Like

That’s not the only CVE being exploited in the wild it’s affected by.

https://security-tracker.debian.org/tracker/CVE-2020-16013

https://security-tracker.debian.org/tracker/CVE-2020-16017

Likely many more.

2 Likes

What about chromium sourced from snap store?

Related:

They do little oversight of package safety/maintenance. A hidden cryptocurrency miner was slipped thru in uploads. Major apps lacked updates for a long time. Server components of the snap packaging system remain closed which gives Canonical control over the tech. Avoiding the support and proliferation of their lock-in format is a good move IMO.

Also Ubuntu anything has the tendency to be half baked abandonware once Canonical grows bored with it after they fail to monetize it.

1 Like

Good points. Quoted in the dedicated snap forum thread. Snap Store / snaps / snapd / snapcraft.io - a new software source? Please redirect further discussion on snap there. Leave a link here if relevant.


Would also appreciate an opinion on flathub in flathub as a source of software as this might also turn out as suitable software source for Firefox and/or Chromium.

Chromium version comparison


snapstore

latest/stable 87.0.4280.88 3 December 2020


vs flathub

December 4, 2020 Version 87.0.4280.88


I cannot find any version number for Chrome, Chromium but I guess it’s the same as Chrome OS as published on the google blog.

Shows the same version number.


In conclusion, both snapstore and flathub are up to date.

1 Like

There’s no stable Chromium version, there’s a daily release. Chrome however does have stable point releases as noted on wiki:

87.0.4280

1 Like

Debian removes Chromium from the next release:

1 Like

ungoogled-chromium

December 15, 2020, Version 87.0.4280.88

Therefore no longer considering ungoogled-chromium from flathub.

Quote https://tracker.debian.org/pkg/chromium

[2020-12-13] chromium REMOVED from testing (Debian testing watch)

Quote

Previous version: 83.0.4103.116-3.1
Current version: (not in testing)
Hint: https://release.debian.org/britney/hints/elbrus
# 20201212
Bug #973848: chromium: Unsupported version, many security bugs unfixed
Bug #960454: chromium: Make Chromium ask before downloading and enabling DRM
Bug #972134: chromium: please, consider moving the package to team-maintainance to properly maintain it
Bug #977103: chromium: FTBFS on armhf: error: write to reserved register ‘R7’
Bug #976292: design-desktop-web: drop chromium as Depends

  • Migration status for chromium (- to 83.0.4103.116-3.1): BLOCKED: Rejected/violates migration policy/introduces a regression

Quote https://qa.debian.org/excuses.php?package=chromium

Excuse for chromium

Excuses generated Sun Dec 20 10:08:21 2020

There is still recent development activity in some of these bugs. Therefore chromium might re-enter Debian testing.

Succeeded running Chromium from Flathub in Kicksecure.

Documented here:

(Documented in Whonix wiki for Whonix since kicksecure.com wiki is not yet ready.)

Related: flathub as a source of software

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]