[Pkg-chromium-maint] Bug#856169: Chromium installs a setuid binary without obvious need nor warning
Alain Knaff
alain at knaff.lu
Sat Feb 25 20:30:12 UTC 2017
Package: chromium
Version: 56.0.2924.76-1~deb8u1
Chromium's .deb install a suid root binary
(/usr/lib/chromium/chrome-sandbox), potentially exposing the user's
system to hostile javascripts downloaded from the untrusted web.
This has already been exploited in the past:
https://bugs.chromium.org/p/chromium/issues/detail?id=76542
Debian packages should not expose users' systems to these kinds of risks
without informed consent.
Alain
More information about the Pkg-chromium-maint
mailing list