Put down the cat, coffee, beer pint, martini, whatever you're holding, and make sure you've updated Chrome (unless you enjoy being hacked) If Google Chrome is bugging you to update it right now, please stop what you're doing, and get that upgrade. The latest version fixes a security vulnerability (CVE-2019-5786) that can be potentially exploited by malicious webpages to hijack the software, and run spyware, ransomware, and other nasties on your device or machine …
And your customers are correct. "upgrades", which should always be in quotes these days, especially from the ilk of creeps like Google and Microsoft, mostly are about benefits for the supplier, and are, more often than not, detrimental to the interests of the user. A. K. A. antifeatures. How do the end users distinguish? They can not.
If you are running flash, especially in full screen kiosk mode, it is not feasible to upgrade Chrome.
Because Google took out a user's ability to always allow flash from specific sites using the chrome://flags/#enable-ephemeral-flash-permission flag in v. 69, anyone using flash in an unattended kiosk needs to use an earlier version. (Never mind that Google doesn't even have an ftp site for old versions, you need to get them from who.knows.what.malware.lies.here.com.)
See https://productforums.google.com/forum/#!msg/chrome/7y0gbgs06L8/3ehByJReGQAJ or many other posts from aggravated users.
So much for doing no evil. I wish I could take back the many thousands of $ I gave Google, buying many Nexus'es, Pixels, storage, Fi subscriptions, etc...
Can anybody help?
I'm running Mint 17.3 (Cinnamon, 64-bit). The repos have Chromium 65.0.3325.181, which dates from March 2018; Chromium's latest version is apparently 74.
Given that I can't update Mint on this laptop (nVidia's fault), is there a relatively simple way to force an update while keeping my browser settings?
not even a Mint user but can't you just download a full installation and run that? On windows, that didn't used to overwrite my settings.
to be safe, though, you probably ought to back up your settings. This page will give you clue what to look for and where (though it's windoze centric so you'll have to extrapolate)
'course, haven't tried it for a few years, since I switched to SRWare Iron (privacy protection Chrome fork)
My question to the panel is "is Iron equally at risk?" but I think the "Chromium" question above might have answered that...
good luck
The problem is discussed at length here: https://forums.linuxmint.com/viewtopic.php?f=61&t=220892
There's a whole lot of "don't upgrade your O/S if you don't need to" talk around linux mint but if you're a die hard chromium user that depends on the official repos for your installed packages, that is one reason to upgrade because there's no support for chromium updates in the 17.3 repos any more. It is supported in 18.x +
Another option is you could attempt to build it yourself and stick with 17.3..
Except that Apple, Microsoft, Oracle et al don't have a policy that if they find an exploit in someone else's software they'll make the details public if it doesn't get fixed in an arbitrary 90 day limit that doesn't account for some problems being more difficult to fix etc. Only Google does, which is why they deserve special scorn here.
I'm usually in favor of some schedule of release if the bug is not fixed in a reasonable amount of time, but that reasonable amount of time has to be calculated separately for each new bug and take into account updates by the company involved. That release only helps if it encourages a company to work on fixing the bug when they otherwise would not, not as a stick that really does not always provide the same benefit.
FF is still powerful, they just replaced old, aging implementations with better ones. Whether or not their timing was good (it wasn't) or the replacements were production-ready (they weren't) is... Well, it's not up for debate at all. They rushed WebExtensions and such new technologies out the door even though they weren't ready or nearly as robust as what they replaced. But userChrome.js, browser-level JS execution, unique dialogs, modifying the look&feel of the browser... It's all still possible in different ways, while the base Firefox experience is now faster than ever.
I hated Mozilla for what they did too, but I found Chrome (I used Iridium) to be far less user-customizable than even new Firefox is. I ended up crawling back despite all pretenses, and now my browsing experience is actually better than it was before, both as a developer and a user.
Do I like the current state of Mozilla? No, but their product is still workable, and unlike Chrom[e,ium] or even Iridium, you can still lock the browser down, for now at least.
I don't know how long it will stay workable, since Mozilla seems hell-bent on deprecating XUL and removing these customization options, but we shall see.
...In the end I'll probably migrate over to Luakit or similar full-time.There are better alternatives than IE!
You mean people are still using Chrome after all of those privacy violations? You mean they are still using Chrome after they forced you to login to your google account when using Chrome? You mean they are still using it after they tried to ban ad blockers? I am surprised they want to hand over all of their browsing habits to google.
You're right. I've dumped Chrome right out of my life. I now use Facebook's new browser, Slurp. I'm in the beta program and it's great! I only had to fill out a 350 page contract, and sign in blood on every page - but it's OK as I was allowed to use the blood of my children, so it didn't hurt at all.
Every web page I go to is now automatically linked to my Facebook timeline, so all my friends (and anyone else watching as it auto-changes your preferences to allow everyone to share the goodness) can now see what cool stuff I'm looking at and how intelligent I am.
...That Mister Man porn site has got so many likes...
You don't need to. You just need a browser that runs JS or serves cookies and you're feeding facebook plenty of info.
What are you suggesting? That as long as Chrome doesn't suck quite as much information as Facebook it's ok? Conflating the nosiest browser on the web with the nosiest website on the web shows a startling lack of technical understanding.
Or is your post just Google love manifested through straw manning.....?
Or is your post just Google love manifested through straw manning.....?
Nope. My post was attempted humour. I don't use Chrome either. Partly because of the great Google slurp, and partly because I hate the UI. The reason I put up with Firefox in it's crashy/memory leak period was the UI with actual menus - as well as the lack of Google. It's now rather fast too, and I've read accusations that Chrome sometimes does the memory-hog thing itself.
to be fair to Google, they're as bad at slurping everyone's data and lying about it as Facebook. Well they've probably not been caught lying quite so often. They're not quite so amateur. But at least they haven't also spaffed that data to everybody who got API access - which appears to be most of the internet.
As the Patrician says, if we must have crime, better that it be organised crime.
If your PCs/laptops were powered on any time over the last three days (from 5 March onwards) it's highly likely that Chrome has already updated itself.
If you need to check a bunch of them, then use
dir "\\<pcname>\C$\Program Files\Google\Chrome\Application" /ad
on each PC, and look for the folder named 72.0.3626.121
Or perform the equivalent in PowerShell!
Given it seems that on some PC's the update has caused issues - on one of mine it caused several extensions to fail to load and MBAM to flag possible rootkit activity, recommending a reboot, I would be tempted to fire up Chrome just to ensure any update mess is tidied up.
Why, nothing of course. You see, as the market share of our wonderful rendering system increases, people are showing that they acknowledge that we provide the best, fastest, most secure, and most open engine available. We gladly extend our code to anyone, which is why we have made the Chromium™ engine completely open source and offer it to any user or company out there. We also offer all our services that are built into the Chromium™ engine and can't be removed without tearing the codebase apart to these companies, no questions asked except sometimes when they will need some API keys to distinguish them, but that's clearly a normal and justified thing to do with open source code.
With more and more people using the engine, any potential problems such as a framework that allows extensions that users install knowingly being able to block some parts of their traffic (yes, I know, but it happened) can be fixed extremely quickly. We aren't saying that it will be free of defects, but it will be better than the other options out there because it was developed with a very Googly mindset. We'll have so much data about everything that happens that we can find any risks to users' security or privacy and fix them immediately. We confidently expect that, in the next few years, the market share of our major competitors such as Gecko and WebKit will decrease to zero as competing browsers, which we totally support by the way, realize the superiority of this engine.
Google autocomment software, version 38.159.2581003.627501869274030461957286834
Well, we had to do something useful with our extra programmer-hours, didn't we? Like all google services, this autocomment software is completely open source. You can use it by getting an API key from Google's developer program and calling the three functions available in that interface. That's what open source means, isn't it?
From Google was irritating.
No info on whether exploit can be triggered without JS (i.e. HTML / CSS only or just being served a "tweaked" file) as would be extremely useful to know in those cases where upgrade awkward to apply (e.g. where people use Gold images and have a rigid protocol on changes to it, which makes zero day issue response a massive pain)
Apparently this exploit allows "others" to:
"run spyware, ransomware, and other nasties on your device or machine …"
How is this a problem in a product like Google Chrome? If you use chrome, Google, and by extension, "others" run "spyware, ransomware, and other nasties on your device or machine …". because this is the whole business model! Do you not know this?
i Guess the best analogy would be a pornstar complaining about cum-loads in the face from men she have not yet shaken hands with ;-)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
