Chromium Browser for Kicksecure Discussions (not Whonix)

Frankly their security process is inferior to Debian and I wouldn’t import anything from that distro.

Yes though Debian Testing

Please elaborate.

Still Debian testing?

Their infrastructure was hacked and had a link to backdoored versions - while that won’t affect end to end signed packages it doesn’t inspire confidence. Also they do not have a security team nor do they assign CVEs to affected software like Debian does also they don’t have the resources to implement reproducibly built packages like Debian does so any Mint specific packages will be a risk in the future.

https://www.techrepublic.com/article/why-the-linux-mint-hack-is-an-indicator-of-a-larger-problem/

They used to have a frankenDebian thing going on, but it changed in recent versions. However they are way behind on releasing versions that track Debian stable. For example LMDE 4 was only just released a few months ago this year, Depending on anything from LMDE means running something compatible with old-stable for a very long time which might introduce dependency hell.

1 Like

That’s not the only CVE being exploited in the wild it’s affected by.

https://security-tracker.debian.org/tracker/CVE-2020-16013

https://security-tracker.debian.org/tracker/CVE-2020-16017

Likely many more.

2 Likes

What about chromium sourced from snap store?

Related:

They do little oversight of package safety/maintenance. A hidden cryptocurrency miner was slipped thru in uploads. Major apps lacked updates for a long time. Server components of the snap packaging system remain closed which gives Canonical control over the tech. Avoiding the support and proliferation of their lock-in format is a good move IMO.

Also Ubuntu anything has the tendency to be half baked abandonware once Canonical grows bored with it after they fail to monetize it.

1 Like

Good points. Quoted in the dedicated snap forum thread. Snap Store / snaps / snapd / snapcraft.io - a new software source? - #6 by Patrick Please redirect further discussion on snap there. Leave a link here if relevant.


Would also appreciate an opinion on flathub in https://forums.whonix.org/t/flathub-as-a-source-of-software/10706 as this might also turn out as suitable software source for Firefox and/or Chromium.

Chromium version comparison


snapstore

latest/stable 87.0.4280.88 3 December 2020


vs flathub

December 4, 2020 Version 87.0.4280.88


I cannot find any version number for Chrome, Chromium but I guess it’s the same as Chrome OS as published on the google blog.

Shows the same version number.


In conclusion, both snapstore and flathub are up to date.

1 Like

There’s no stable Chromium version, there’s a daily release. Chrome however does have stable point releases as noted on wiki:

87.0.4280

1 Like

Debian removes Chromium from the next release:

https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=chromium

1 Like

ungoogled-chromium

December 15, 2020, Version 87.0.4280.88

Therefore no longer considering ungoogled-chromium from flathub.

Quote chromium - Debian Package Tracker

[2020-12-13] chromium REMOVED from testing (Debian testing watch)

Quote

Previous version: 83.0.4103.116-3.1
Current version: (not in testing)
Hint: https://release.debian.org/britney/hints/elbrus
# 20201212
Bug #973848: chromium: Unsupported version, many security bugs unfixed
Bug #960454: chromium: Make Chromium ask before downloading and enabling DRM
Bug #972134: chromium: please, consider moving the package to team-maintainance to properly maintain it
Bug #977103: chromium: FTBFS on armhf: error: write to reserved register ‘R7’
Bug #976292: design-desktop-web: drop chromium as Depends

  • Migration status for chromium (- to 83.0.4103.116-3.1): BLOCKED: Rejected/violates migration policy/introduces a regression

Quote Testing Excuses for chromium -- Debian Quality Assurance

Excuse for chromium

Excuses generated Sun Dec 20 10:08:21 2020

There is still recent development activity in some of these bugs. Therefore chromium might re-enter Debian testing.

Succeeded running Chromium from Flathub in Kicksecure.

Documented here:

(Documented in Whonix wiki for Whonix since kicksecure.com wiki is not yet ready.)

Related: https://forums.whonix.org/t/flathub-as-a-source-of-software/10706

1 Like

Not sure whos gonna solve that while its still very outdated even in sid

Chromium security issues caused by outdated packages in Debian with security issues exploited in the wild is resolved for now.

Debian uploaded the same version 87.0.4280.88-0.4~deb10u1 to Debian buster on 2021-01-01. References:

https://tracker.debian.org/pkg/chromium

Its good that they pushed the sid version to buster, but this doesnt
mean this issue wont happen in the future and this isnt a permanent
guaranteed solution that we can rely on. (The package though still being
removed in the next debian version bullseye)

The question remain how long will debian take to upgrade chromium 87 to
8x , or will it ever move or upgrade from this version to another one.

1 Like

Yes, situation has to be monitored.

1 Like

Does the chromium flatpak package have any issues which the chromium Debian package has mentioned in Chromium Debian Package Security?