Buck
5 November 2020 12:01
1
Chromium is a solid browser but it’s slipped through the cracks with the last update. It has the following vulnerabilities in the current state:
Package chromium is affected by CVE-2020-16009, CVE-2020-16008, CVE-2020-16007, CVE-2020-16006, CVE-2020-16005, CVE-2020-16004. Critical risk! Update to 86.0.4240.183-1!
Please address this ASAP. If we have to rely on the Manjaro repos instead of the Arch repos we also need to be safe. Thanks.
You don’t have to use Manjaro repo’s for Chromium, you can build it or use chromium-dev from the AUR
http://aur.archlinux.org/packages/chromium-dev
1 Like
Or even better: use something else.
2 Likes
Wow that’s a new one on me, thanks for the link.
Does qutebrowser (like Falkon) depend on QtWebEngine? Are browsers with that dependency dependent on Chromium anyway?
https://doc.qt.io/qt-5/qtwebengine-overview.html
Relationship to Chromium
Qt WebEngine uses code from the Chromium project. However, it is not containing all of Chrome/Chromium:
Binary files are stripped out
Auxiliary services that talk to Google platforms are stripped out
The codebase is modularized to allow use of system libraries like OpenSSL
We do update to the latest Chromium version in use before a Qt release. After a release some bug fixes and security patches are backported. For LTS releases of Qt we might also update Chromium in a patch level release.
(1) QtWebEngine - Qt Wiki
Buck
8 November 2020 15:11
7
Whataboutism. Go away troll.
Buck
8 November 2020 15:13
8
Resorting to unstable builds on the AUR because the package is gimped upstream is both inconvenient and incredibly dangerous for something as core as your web browser. Please stop having ideas.
You could just have patience then and wait for the update or build it yourself if you don’t trust the aur. But either way you should try not being so hostile with your posts
1 Like