Chromium on trusty too outdated; not supported by gmail

Bug #1664147 reported by Fink Nottle on 2017-02-13
430
This bug affects 37 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
High
Olivier Tilloy

Bug Description

As of Feb 13 2017, the chromium version on trusty is 53.x which is at least a couple of versions behind chrome-stable. Gmail displays this message, "This version of Chrome is no longer supported. Please upgrade to asupported browser." Core functionality in gmail works fine, but I'm not sure of security ramifications of running an old browser, particularly when google advises against it.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
Paul White (paulw2u) on 2017-02-13
tags: added: trusty
Giacomo Nannicini (gnannicini) wrote :

Considering the latest news about the vulnerability of SHA-1 (see https://shattered.it/ ), any Chromium version < 56 is potentially vulnerable.

information type: Public → Public Security
wpaludet (wpaludet) wrote :

news ?
chromium-browser - 56.0.2924.76-0ubuntu0.14.04.1159 wont build... Can someone fix it ?

https://launchpad.net/~canonical-chromium-builds/+archive/ubuntu/stage/+packages

Fink Nottle (finknottle) wrote :

It looks like chromium 57 has been pushed to the ppa. I tried it on trusty, and it works. I noticed one difference compared to chrome 57. Flash has been deprecated in chrome 57, and set to on-demand only. Ironically, chromium runs flash by default. The on-demand setting doesn't exist on chromium 57.

Olivier Tilloy (osomon) wrote :

I’ve packaged chromium-browser 58.0.3029.81 for trusty, it is being validated by the security team and will hopefully hit -updates soon.

Changed in chromium-browser (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
status: Confirmed → In Progress
importance: Undecided → High
Fink Nottle (finknottle) wrote :

Thank you. I've been testing the ppa version, and it works fine. The two noticeable issues are that chromecast doesn't work anymore (known upstream issue I guess), and flash's behaviour isn't the same as chrome.

Olivier Tilloy (osomon) on 2017-04-26
Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Released
herrtimson (herrtimson) wrote :

thank you for your effort of the upgrade to recent stable chromium-58

I am using it with the arm port of Ubuntu-14.04 on a ac 100 chromebook, where I get something which seems to be a segmention fault while starting the browser. This is the output from the console

Received signal 11 SEGV_MAPERR 0000000000b4
#0 0x000041d5579a base::debug::StackTrace::StackTrace()
#1 0x000041d5529e base::debug::StackTrace::StackTrace()
#2 0x000041d55ad4 <unknown>
#3 0x000045ef8ac0 <unknown>
[end of stack trace]
Calling _exit(1). Core file will not be generated.
[1932:2002:0427/142800.887755:ERROR:browser_gpu_channel_host_factory.cc(113)] Failed to launch GPU process.
[1932:2002:0427/142800.888476:ERROR:browser_gpu_channel_host_factory.cc(113)] Failed to launch GPU process.
[1932:2002:0427/142800.888952:ERROR:browser_gpu_channel_host_factory.cc(113)] Failed to launch GPU process.
[1932:2002:0427/142800.890193:ERROR:browser_gpu_channel_host_factory.cc(113)] Failed to launch GPU process.
[1932:2002:0427/142800.890652:ERROR:browser_gpu_channel_host_factory.cc(113)] Failed to launch GPU process.

I'm uncertain if this is a problem, since chromium does not crash in this moment and I'm able to use it for surfing in the internet, as supposed? If you need further information (coredump, etc), please provide me with informations how to generate those, I am not really familiar with the use of debug tools.

Olivier Tilloy (osomon) wrote :

Thanks for the feedback @herrtimson. Can you please install debug symbols and see if that results in a more verbose stack trace printed on the console?

You will need to follow instructions at https://wiki.ubuntu.com/DebuggingProgramCrash#Non-built-in_debug_symbol_packages_.28.2A-dbgsym.29 to enable the ddebs repository, and then install "chromium-browser-dbgsym".

herrtimson (herrtimson) wrote :

Well, I just installed the additonal dbgsym package for chromium and started it with

chromium-browser --debug 2>&1 | tee gdb-chromium.txt

Apparently running out of memory, the device has only 433mb ram and an additional 266mb as a swap on a SD card. However, I attached the small logfile which was created. I'll try to get more swap up working.

Can someone else try to test on a device with more ram, raspberry-pi maybe?

Umer Salman (umer936) wrote :

Awesome! Thank you so much Oliver! @osomon

Olivier Tilloy (osomon) wrote :

@herrtimson: try launching without --debug. Is the stacktrace printed on stderr any more complete?

herrtimson (herrtimson) wrote :

I managed to add enough swap space but unfortunatley it doesn't make any difference, the trace is the same as printed without --debug in #8

My guess is that it is very similar problem to https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1563184 , but I don't get the segfault or any other crash, just weird console ouput :-)

Can you please post
$ glxinfo | grep OpenGL

and
$ dmesg | grep -i drm

Chromium creates multiple processes when working, and above is the crash of the GPU sub-process. Maybe it tries to use GPU acceleration, but fails to do ot, and the GPU is not blacklisted or you set it to ignore the blacklist in chrome://flags

Also try dropping chrome://flags to default

herrtimson (herrtimson) wrote :

The crash, if you'd like to call it a crash, was about gpu hardware acceleration. I tried to append --disable-gpu from console and this made it go away plus the browser itself is much faster now in rendering. I then disabled it permamently in the options.

The device is a nvidia tegra, the binary drivers don't work with 14.04 and I believe the opensource version which I am using at the moment does not allow gpu acceleration. Is there another bug open regarding gpu acceleration with the tegra open source videodrivers?

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers