Chromium suddenly starts downloading a binary blob

Posted Jun 18, 2015 22:49 UTC (Thu) by gilbert (guest, #81446)
Parent article: Chromium suddenly starts downloading a binary blob

Fortunately native client is disabled (i.e. not built at all) in the Debian chromium packages, so even if the downloaded nacl executables were in fact malicious (and capable of escaping the nacl sandbox), there is no interpreter in Debian actually capable of triggering the hidden badness.

In addition as one of the chromium developers mentions, concerning other distributions with chromium+nacl, all nacl executables are sandboxed, so this is much like navigating to any nacl webpage (except that hotword automatically gets microphone permission which is not really so great itself):
https://code.google.com/p/chromium/issues/detail?id=50092...

The aspect of this "incident" that I find disheartening is LWN jumping onto the security overhype bandwagon so quickly without fully rationalizing the problem.

p.s. I am the maintainer of the Debian chromium package.

Chromium suddenly starts downloading a binary blob

Posted Jun 23, 2015 11:06 UTC (Tue) by nix (subscriber, #2304) [Link]

Quite. The open source nature of Chromium helps here, too: it is really not hard to prove, even from a position of total unfamiliarity with the codebase, that that executable is only executed at all if the setting is on, no matter *what* it might do. So the frothing about howgoogle is no better than a rootkit vendor or the NSA from Falkvinge and similar commentators is unjustified and says more about the tendency of said commentators to see conspiracies everywhere rather than doing a few minutes of actual research than anything else.