[Pkg-chromium-maint] Bug#792580: chromium: Chromium calls home even in incognito mode with safe browsing turned off
Martín Ferrari
tincho at debian.org
Thu Jul 16 13:00:49 UTC 2015
Package: chromium
Version: 43.0.2357.130-1
Severity: important
A Chromium session started in incognito mode, with the malware protection
turned off, still is calling home sending unknown data. I think this is a
unacceptable threat to personal privacy. I don't know what's being sent, but I
am highly suspicious of this behaviour.
Note that when I captured this, I haven't even pressed a single key on the
Chromium window.
$ ps ax|grep chrom|awk '{print $1}'|xargs -l1 lsof -n -p|grep TCP
chromium 17401 tincho 71u IPv6 588111 0t0 TCP
[<redacted>]:53203->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho 74u IPv6 587287 0t0 TCP
[<redacted>]:44801->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 88u IPv6 589310 0t0 TCP
[<redacted>]:53199->[2a00:1450:4009:80a::200a]:https (ESTABLISHED)
chromium 17401 tincho 95u IPv6 588078 0t0 TCP
[<redacted>]:44796->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 96u IPv6 588079 0t0 TCP
[<redacted>]:44797->[2a00:1450:4009:80c::200d]:https (ESTABLISHED)
chromium 17401 tincho 118u IPv6 589334 0t0 TCP
[<redacted>]:57744->[2a00:1450:400c:c07::bc]:5228 (ESTABLISHED)
chromium 17401 tincho 123u IPv6 590134 0t0 TCP
[<redacted>]:59367->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho 153u IPv6 589362 0t0 TCP
[<redacted>]:59370->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
chromium 17401 tincho 154u IPv6 588128 0t0 TCP
[<redacted>]:47996->[2a00:1450:4007:80d::2004]:https (ESTABLISHED)
chromium 17401 tincho 156u IPv6 588139 0t0 TCP
[<redacted>]:59372->[2a00:1450:4009:80c::200e]:https (ESTABLISHED)
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages chromium depends on:
ii libasound2 1.0.29-1
ii libatk1.0-0 2.16.0-2
ii libc6 2.19-18
ii libcairo2 1.14.2-2
ii libcups2 2.0.3-6
ii libdbus-1-3 1.8.18-1
ii libexpat1 2.1.0-6+b3
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-4
ii libgdk-pixbuf2.0-0 2.31.4-2
ii libglib2.0-0 2.44.1-1.1
ii libgnome-keyring0 3.12.0-1+b1
ii libgtk2.0-0 2.24.28-1
ii libharfbuzz0b 0.9.41-1
ii libjpeg62-turbo 1:1.4.0-7
ii libnspr4 2:4.10.8-2
ii libnss3 2:3.19.2-1
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpci3 1:3.2.1-3
ii libsnappy1 1.1.2-4
ii libspeechd2 0.8-7
ii libspeex1 1.2~rc1.2-1
ii libsrtp0 1.4.5~20130609~dfsg-1.1
ii libstdc++6 5.1.1-12
ii libx11-6 2:1.6.3-1
ii libxcomposite1 1:0.4.4-1
ii libxcursor1 1:1.1.14-1+b1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxi6 2:1.7.4-1+b2
ii libxml2 2.9.1+dfsg1-5
ii libxrandr2 2:1.4.2-1+b1
ii libxrender1 1:0.9.8-1+b1
ii libxslt1.1 1.1.28-2+b2
ii libxss1 1:1.2.2-1
ii libxtst6 2:1.2.2-1+b1
ii x11-utils 7.7+3
ii xdg-utils 1.1.0~rc1+git20111210-7.4
chromium recommends no packages.
Versions of packages chromium suggests:
pn chromium-l10n <none>
-- Configuration Files:
/etc/chromium/default 3c0d2b6ec05d1629d94b328966a074bc [Errno 2] No such file or directory: u'/etc/chromium/default 3c0d2b6ec05d1629d94b328966a074bc'
/etc/chromium/initial_bookmarks.html a054d9aeaf28b7a9b564e7e8be177932 [Errno 2] No such file or directory: u'/etc/chromium/initial_bookmarks.html a054d9aeaf28b7a9b564e7e8be177932'
/etc/chromium/master_preferences 692be212bebbeafd4d034b479f983833 [Errno 2] No such file or directory: u'/etc/chromium/master_preferences 692be212bebbeafd4d034b479f983833'
-- no debconf information
More information about the Pkg-chromium-maint
mailing list