chromium-browser with multiple tabs crashes on startup in KDE environment

Bug #1310163 reported by Bruce Miller
This bug affects 2 people

Affects | Status | Importance | Assigned to | Milestone
Chromium Browser | Unknown | Unknown | |
chromium-browser (Ubuntu) | Fix Released | High | Chad Miller |

Bug Description

First output is with kwallet disabled.

Second output is after re-enabling kwallet.

ruce@Pericles:~$ ATTENTION: default value of option force_s3tc_enable overridden by environment.
[6251:6251:0419/183400:ERROR:sandbox_linux.cc(268)] InitializeSandbox() called with multiple threads in process gpu-process
[6208:6239:0419/183401:ERROR:object_proxy.cc(566)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.kwalletd was not provided by any .service files
[6208:6239:0419/183401:ERROR:native_backend_kwallet_x.cc(228)] Error contacting kwalletd (isEnabled)
[6208:6239:0419/183401:ERROR:object_proxy.cc(566)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus)
[6208:6239:0419/183401:ERROR:native_backend_kwallet_x.cc(228)] Error contacting kwalletd (isEnabled)
[6208:6208:0419/183402:ERROR:profile_sync_service.cc(1315)] History Delete Directives datatype error was encountered: Delete directives not supported with encryption.
[6208:6313:0419/183404:ERROR:download.cc(109)] PostClientToServerMessage() failed during GetUpdates
[6208:6244:0419/183411:FATAL:url_request.cc(707)] Trying to send secure referrer for insecure load

[1]+ Aborted (core dumped) chromium-browser
bruce@Pericles:~$ chromium-browser &
[1] 7505
bruce@Pericles:~$ ATTENTION: default value of option force_s3tc_enable overridden by environment.
[7548:7548:0419/183625:ERROR:sandbox_linux.cc(268)] InitializeSandbox() called with multiple threads in process gpu-process
[7505:7505:0419/183628:ERROR:profile_sync_service.cc(1315)] History Delete Directives datatype error was encountered: Delete directives not supported with encryption.
[7505:7541:0419/183635:FATAL:url_request.cc(707)] Trying to send secure referrer for insecure load

[1]+ Aborted (core dumped) chromium-browser

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: chromium-browser 34.0.1847.116-0ubuntu2
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: KDE
Date: Sat Apr 19 22:46:35 2014
Desktop-Session:
 DESKTOP_SESSION = kde-plasma
 XDG_CONFIG_DIRS = /etc/xdg/xdg-kde-plasma:/usr/share/upstart/xdg:/etc/xdg
 XDG_DATA_DIRS = /usr/share:/usr/share/kde-plasma:/usr/local/share/:/usr/share/
Env:
 MOZ_PLUGIN_PATH = None
 LD_LIBRARY_PATH = None
InstallationDate: Installed on 2013-02-26 (417 days ago)
InstallationMedia: Kubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.1)
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to trusty on 2014-04-19 (0 days ago)
chromium-default: CHROMIUM_FLAGS=""
gconf-keys:
 /desktop/gnome/applications/browser/exec = b'firefox\n'
 /desktop/gnome/url-handlers/https/command = b'firefox %s\n'
 /desktop/gnome/url-handlers/https/enabled = b'true\n'
 /desktop/gnome/url-handlers/http/command = b'firefox %s\n'
 /desktop/gnome/url-handlers/http/enabled = b'true\n'
 /desktop/gnome/session/required_components/windowmanager = b''
 /apps/metacity/general/compositing_manager = b''
 /desktop/gnome/interface/icon_theme = b'gnome\n'
 /desktop/gnome/interface/gtk_theme = b'Clearlooks\n'
modified.conffile..etc.default.chromium.browser: [deleted]

Ted (ted276) wrote :

This appears to be related to this upstream bug report:

https://code.google.com/p/chromium/issues/detail?id=357473

Basically, the Chromium devs put a LOG(FATAL) in unofficial builds. So Chrome works fine, but not Chromium. The browser isn't actually crashing on its own, instead the LOG(FATAL) is killing the browser in order to get the attention of the user so they'll file a bug report.

This is not related to KDE, KWallet, multiple tabs, or even starting up. It has to do with sending secure referrers to insecure hosts, which one of your tabs must have been doing. Going to any HTTPS page, right clicking a link and choosing "Save link as..." will cause this "crash".
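The triage behind the comment above, as an added example that is not part of the original thread: parse the Chromium log prefix (`[pid:tid:MMDD/HHMMSS:LEVEL:file(line)]`) from both runs in the bug description and keep only what is present in every crashing run. The log lines are a subset copied from the description; the names `parse` and `triage` are hypothetical.

```python
import re

# Chromium log prefix: [pid:tid:MMDD/HHMMSS:LEVEL:file(line)] message
LOG_RE = re.compile(
    r"^\[(?P<pid>\d+):(?P<tid>\d+):(?P<ts>\d{4}/\d{6}):"
    r"(?P<level>[A-Z]+):(?P<src>[\w.]+)\((?P<line>\d+)\)\]\s*(?P<msg>.*)$"
)

# Subset of the two runs in the bug description (shell job lines included on purpose).
RUN_KWALLET_DISABLED = """\
[6251:6251:0419/183400:ERROR:sandbox_linux.cc(268)] InitializeSandbox() called with multiple threads in process gpu-process
[6208:6239:0419/183401:ERROR:native_backend_kwallet_x.cc(228)] Error contacting kwalletd (isEnabled)
[6208:6208:0419/183402:ERROR:profile_sync_service.cc(1315)] History Delete Directives datatype error was encountered: Delete directives not supported with encryption.
[6208:6244:0419/183411:FATAL:url_request.cc(707)] Trying to send secure referrer for insecure load
[1]+ Aborted (core dumped) chromium-browser
"""
RUN_KWALLET_ENABLED = """\
[7548:7548:0419/183625:ERROR:sandbox_linux.cc(268)] InitializeSandbox() called with multiple threads in process gpu-process
[7505:7505:0419/183628:ERROR:profile_sync_service.cc(1315)] History Delete Directives datatype error was encountered: Delete directives not supported with encryption.
[7505:7541:0419/183635:FATAL:url_request.cc(707)] Trying to send secure referrer for insecure load
[1]+ Aborted (core dumped) chromium-browser
"""

def parse(text):
    """Return (level, 'file(line)', msg) for each line carrying a Chromium log prefix."""
    records = []
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if m:  # shell prompts and "[1]+ Aborted" job lines do not match and are skipped
            records.append((m["level"], f'{m["src"]}({m["line"]})', m["msg"]))
    return records

def triage(*runs):
    """Compare log call sites across crashing runs; a cause must appear in all of them."""
    sites = [{site for _, site, _ in parse(r)} for r in runs]
    fatal = [{site for lvl, site, _ in parse(r) if lvl == "FATAL"} for r in runs]
    common = set.intersection(*sites)
    return {
        "fatal_in_all": sorted(set.intersection(*fatal)),  # abort site shared by every run
        "common": sorted(common),                          # present in every run
        "only_some": sorted(set.union(*sites) - common),   # cannot explain every crash
    }

if __name__ == "__main__":
    for key, value in triage(RUN_KWALLET_DISABLED, RUN_KWALLET_ENABLED).items():
        print(f"{key}: {value}")
```

The kwallet error lands in `only_some`, while the `FATAL` site in `url_request.cc` is the abort point in both runs.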

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu):
assignee: nobody → Chad Miller (cmiller)
Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu):
importance: Undecided → High
Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 38.0.2125.111-0ubuntu0.14.10.1.1103

---------------
chromium-browser (38.0.2125.111-0ubuntu0.14.10.1.1103) utopic-security; urgency=medium

  * Upstream release 38.0.2125.111.
  * Upstream release 38.0.2125.104.
  * Upstream release 38.0.2125.101: (LP: #1310163)
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
      IPC bugs that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium.
    - CVE-2014-3190: Use-after-free in Events.
    - CVE-2014-3191: Use-after-free in Rendering.
    - CVE-2014-3192: Use-after-free in DOM.
    - CVE-2014-3193: Type confusion in Session Management.
    - CVE-2014-3194: Use-after-free in Web Workers.
    - CVE-2014-3195: Information Leak in V8.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox.
    - CVE-2014-3197: Information Leak in XSS Auditor.
    - CVE-2014-3198: Out-of-bounds read in PDFium.
    - CVE-2014-3199: Release Assert in V8 bindings.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 38).
  * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
  * Make the verification step in clean make more compare-able output.
  * debian/patches/configuration-directory.patch: Account for new location of
    policies directory in /etc . Change back. (LP: #1373802)
  * debian/patches/lp-translations-paths: Map old third_party filenames to
    new name after processor compiles.
  * debian/rules: Fix patch-translations rule, workflow.
  * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
  * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
    which has never worked. (LP: #1381644)
  * debian/patches/disable-sse: Disable more SSE #includes.
  * debian/rules: Omit unnecessary files from packaging.
  * debian/chromium-browser.sh.in: Fix variable name bug and suggest
    ~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
  * debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
    APIs.

chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.120:
    - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
    - CVE-2014-3179: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules: Simplify and rearrange.
  * debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
    so we can fail when something changes unexpectedly.
  * debian/rules: Fix up patch-translations rule.

chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.94.
    - CVE-2014-3165: Use-after-free in Blink websockets.
    - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
      extensions that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3168: Use-after-free in SVG.
    - CVE-2014-3169: Use-after-free in DOM.
    - CVE-2014-3170: Extension permission dialog spoofing.
    - CVE-2014-3171: Use-after-free in bindings.
    - CVE-2014-3172: Issue related to extension debugging.
 ...


Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 38.0.2125.111-0ubuntu0.14.04.1.1061

---------------
chromium-browser (38.0.2125.111-0ubuntu0.14.04.1.1061) trusty-security; urgency=medium

  * Upstream release 38.0.2125.111.
  * Upstream release 38.0.2125.104.
  * Upstream release 38.0.2125.101: (LP: #1310163)
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
      IPC bugs that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium.
    - CVE-2014-3190: Use-after-free in Events.
    - CVE-2014-3191: Use-after-free in Rendering.
    - CVE-2014-3192: Use-after-free in DOM.
    - CVE-2014-3193: Type confusion in Session Management.
    - CVE-2014-3194: Use-after-free in Web Workers.
    - CVE-2014-3195: Information Leak in V8.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox.
    - CVE-2014-3197: Information Leak in XSS Auditor.
    - CVE-2014-3198: Out-of-bounds read in PDFium.
    - CVE-2014-3199: Release Assert in V8 bindings.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 38).
  * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
  * Make the verification step in clean make more compare-able output.
  * debian/patches/configuration-directory.patch: Account for new location of
    policies directory in /etc . Change back. (LP: #1373802)
  * debian/patches/lp-translations-paths: Map old third_party filenames to
    new name after processor compiles.
  * debian/rules: Fix patch-translations rule, workflow.
  * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
  * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
    which has never worked. (LP: #1381644)
  * debian/patches/disable-sse: Disable more SSE #includes.
  * debian/rules: Omit unnecessary files from packaging.
  * debian/chromium-browser.sh.in: Fix variable name bug and suggest
    ~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
  * debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
    APIs.

chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.120:
    - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
    - CVE-2014-3179: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules: Simplify and rearrange.
  * debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
    so we can fail when something changes unexpectedly.
  * debian/rules: Fix up patch-translations rule.

chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.94.
    - CVE-2014-3165: Use-after-free in Blink websockets.
    - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
      extensions that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3168: Use-after-free in SVG.
    - CVE-2014-3169: Use-after-free in DOM.
    - CVE-2014-3170: Extension permission dialog spoofing.
    - CVE-2014-3171: Use-after-free in bindings.
    - CVE-2014-3172: Issue related to extension debugging.
 ...


Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released