Update Chromium to take advantage of important security updates

Bug #847418 reported by Dan Auerbach
This bug report is a duplicate of: Bug #834922: Update to 13.0.782.215.
This bug affects 1 person
Affects: chromium-browser (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

The current Chromium package shipped with Ubuntu (Chromium 12) is badly out of date. This is particularly problematic because old versions of browsers are missing critical security features. To pick one out, newer versions of Chromium ship with certificate pinning, which can be used to mitigate ongoing issues that keep arising with the present CA system underlying current PKI. See http://blog.chromium.org/2011/06/new-chromium-security-features-june.html, grep for "certificate pinning". Indeed, the presence of this feature is critical for stopping MITM attacks based on compromised CA certificates. The most recent example occurred with the CA DigiNotar: see, e.g., http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html. Note that the sentence in that blog post about Chrome users being safe from the attack is only true of Chrome, not the version of Chromium currently shipped with Ubuntu. I think it's important to keep this browser software up to date for the safety of users, even if there are no explicit "security updates". I have marked this as a vulnerability since it relates to security and I wasn't sure how narrowly the security list should be used, though as it is not a traditional vulnerability bug, of course feel free to recategorize it as an ordinary (but important! :)) bug.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: chromium-browser 12.0.742.112~r90304-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-33.72-generic 2.6.32.41+drm33.18
Uname: Linux 2.6.32-33-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
ChromiumPrefs:
 browser/check_default_browser = **unset** (no such key yet)
 extensions/settings =
  (no entry found in the Preferences file)
Date: Sun Sep 11 14:46:42 2011
Desktop-Session:
 DESKTOP_SESSION = gnome
 GNOME_DESKTOP_SESSION_ID = this-is-deprecated
 XDG_CONFIG_DIRS = /etc/xdg/xdg-gnome:/etc/xdg
 XDG_DATA_DIRS = /usr/share/gnome:/usr/local/share/:/usr/share/
DetectedPlugins: (no entry found in the Preferences file)
Env:
 MOZ_PLUGIN_PATH = None
 LD_LIBRARY_PATH = None
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: chromium-browser
chromium-default: CHROMIUM_FLAGS=""

Dan Auerbach (kam3-dan) wrote :
Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 834922, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
visibility: private → public
This report contains Public Security information  
Everyone can see this security related information.
