Chromium Browser for Kicksecure Discussions (not Whonix)

Quote chromium - Debian Package Tracker

[2020-12-13] chromium REMOVED from testing (Debian testing watch)


Previous version: 83.0.4103.116-3.1
Current version: (not in testing)
# 20201212
Bug #973848: chromium: Unsupported version, many security bugs unfixed
Bug #960454: chromium: Make Chromium ask before downloading and enabling DRM
Bug #972134: chromium: please, consider moving the package to team-maintainance to properly maintain it
Bug #977103: chromium: FTBFS on armhf: error: write to reserved register ‘R7’
Bug #976292: design-desktop-web: drop chromium as Depends

  • Migration status for chromium (- to 83.0.4103.116-3.1): BLOCKED: Rejected/violates migration policy/introduces a regression

Quote Testing Excuses for chromium -- Debian Quality Assurance

Excuse for chromium

Excuses generated Sun Dec 20 10:08:21 2020

There is still recent development activity in some of these bugs. Therefore chromium might re-enter Debian testing.

Succeeded running Chromium from Flathub in Kicksecure.

Documented here:

(Documented in Whonix wiki for Whonix since wiki is not yet ready.)


1 Like

Not sure whos gonna solve that while its still very outdated even in sid

Chromium security issues caused by outdated packages in Debian with security issues exploited in the wild is resolved for now.

Debian uploaded the same version 87.0.4280.88-0.4~deb10u1 to Debian buster on 2021-01-01. References:

Its good that they pushed the sid version to buster, but this doesnt
mean this issue wont happen in the future and this isnt a permanent
guaranteed solution that we can rely on. (The package though still being
removed in the next debian version bullseye)

The question remain how long will debian take to upgrade chromium 87 to
8x , or will it ever move or upgrade from this version to another one.

1 Like

Yes, situation has to be monitored.

1 Like

Does the chromium flatpak package have any issues which the chromium Debian package has mentioned in Chromium Debian Package Security?

Not yet suitable.

Download for Debian-based systems

Repository for Debian-based systems

current version 2019.04.73 - outdated
(based on Chromium 73.0.3683.103)

But interesting to watch how this project develops.

What about plain Chromium via extrepo?

There is no such thing as an extrepo repository. extrepo is a method of enabling an already available repository (such as,, …) in an easier way. Instead of following third party instructions on how to enable the third party repository (add apt signing key + add apt sources.list.d snippet) it simplifies that process. No third party repository with alternative Chromium versions to being with → extrepo repository cannot help either. Similar explanation:

Iridium uses an ancient version of Chromium and is therefore publicly vulnerable to known vulnerabilities, all whilst the developers blatantly lie to its users on Github about this. It also severely weakens the browsers exploit mitigations by e.g. switching from Clang to GCC (so no CFI, etc.) for seemingly no reason; they just apply dangerous patches for the sake of it.

1 Like

Asked upstream.

1 Like

Thats should be better to not link it to google.

Counter measures In response to a report that a tracker was using CNAMEs to circumvent privacyblocklists4, uBlock Origin released an update for its Firefox version that thwarts CNAME cloaking [23]. The extension blocks requests to CNAME trackers by resolving the domain names using the browser.dns.resolve API method to obtain the last CNAME record (if there is any) before each request is sent. Subsequently, the extension checks whether the domain name matches any of the rules in its block lists, and blocks requests with matching domains while adding the outcome to a local cache. Although uBlock Origin also has a version for Chromium-based browsers, the same defense cannot be applied because Chromium-based browser extensions do not have access to an API to performDNS queries. As such, at the time of this writing, it is technically impossible for these extensions to block requests to trackers that leverage CNAME records to avoid detection

1 Like

Indeed. This is good news. The transition isn’t nice for users but from Freedom Software viewpoint, it is good that Open Source code interacting with proprietary API has been removed.


Security bummer:

1 Like