|
|
Subscribe / Log in / New account

Security updates for Monday

Dist. ID Release Package Date
Debian DLA-2983-1 LTS abcm2ps 2022-04-17
Debian DSA-5121-1 stable chromium 2022-04-16
Fedora FEDORA-2022-e619e3d5d0 F34 cacti 2022-04-17
Fedora FEDORA-2022-6a7e259e15 F35 cacti 2022-04-17
Fedora FEDORA-2022-e619e3d5d0 F34 cacti-spine 2022-04-17
Fedora FEDORA-2022-6a7e259e15 F35 cacti-spine 2022-04-17
Fedora FEDORA-2022-764c8c6b1c F34 fribidi 2022-04-17
Mageia MGASA-2022-0141 8 crun 2022-04-15
Mageia MGASA-2022-0144 8 docker-containerd 2022-04-15
Mageia MGASA-2022-0142 8 libarchive 2022-04-15
Mageia MGASA-2022-0145 8 mediawiki 2022-04-18
Mageia MGASA-2022-0143 8 ruby 2022-04-15
to post comments

Security updates for Monday

Posted Apr 18, 2022 15:30 UTC (Mon) by jamescrake-merani (subscriber, #157540) [Link] (3 responses)

What is with chromium often appearing in the security updates. Is it really that bad?

Security updates for Monday

Posted Apr 18, 2022 16:08 UTC (Mon) by amacater (subscriber, #790) [Link]

Yes: and also very regularly updated by upstream ...

Security updates for Monday

Posted Apr 18, 2022 17:05 UTC (Mon) by atnot (subscriber, #124910) [Link]

It's a combination of a lot of things. Enormous attack surface and lots of churn in a huge codebase of performance sensitive code written in unsafe languages, sure. But also world class security teams both within and outside of google fuzzing and analyzing it thoroughly every day for both good and evil.

Security updates for Monday

Posted Apr 19, 2022 6:50 UTC (Tue) by flussence (guest, #85566) [Link]

Yes, it really is that bad. https://chromestatus.com/ lists 2103 features as of this post, of which about ~75% have actual implementations. That's an enormous attack surface, and some of those things (like WebUSB, WebBluetooth, WebGL) are fractally awful.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds