Google releases Chrome 105 emergency update to address security issue
Google released an emergency update for the company's Chrome web browser on September 2, 2022. The update addresses a security issue in the browser that is rated high and exploited in the wild.
The new version is available as an update for Chrome's Stable and Extended Stable channels.
Google released Chrome 105 Stable earlier this week. The update fixed 24 different security issues in the browser, one of them rated critical, the highest rating.
Ahead of Labor Day in the United States, Google released another security update for Chrome. The update brings the version of the browser to 105.0.5195.102 for Windows, Mac and Linux devices, and the Extended Stable channel version to 104.0.5112.114.
As is the case with updates for Chrome, it may take days or even weeks before the rollout completes. Updates are installed automatically once they become available. Since the security vulnerability is actively exploited, it is recommended that Chrome users update their browsers as soon as possible.
Updating desktop versions of Chrome is thankfully straightforward and, unlike on Android, not limited.
- Load chrome://settings/help in the browser's address bar or select Menu > Help > About Google Chrome.
- Chrome displays the current version and runs a check for updates. The browser should pick up the latest update and install it automatically.
- A restart is required to complete the process.
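For checking many machines at once rather than one browser at a time, reported version strings can be compared against the fixed builds named above. The script below is an added example, not part of the original article or of Google's tooling; the channel labels (stable, extended), the host|channel|version inventory format and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check Chrome version strings against the fixed builds named in
# the article (105.0.5195.102 Stable, 104.0.5112.114 Extended Stable).

STABLE_FIXED="105.0.5195.102"
EXTENDED_FIXED="104.0.5112.114"

# Pull the first four-part version out of text such as the output of
# `google-chrome --version` ("Google Chrome 105.0.5195.102").
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_ge A B: succeed when four-part version A >= B, comparing each field
# numerically (a plain string compare would rank 105.0.5195.52 above .102).
version_ge() {
    i=1
    while [ "$i" -le 4 ]; do
        fa=$(printf '%s' "$1" | cut -d. -f"$i")
        fb=$(printf '%s' "$2" | cut -d. -f"$i")
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# chrome_status CHANNEL TEXT: print patched | outdated | unknown.
# CHANNEL is "stable" or "extended" (labels chosen for this example).
chrome_status() {
    case "$1" in
        stable)   fixed=$STABLE_FIXED ;;
        extended) fixed=$EXTENDED_FIXED ;;
        *) echo unknown; return 0 ;;
    esac
    ver=$(extract_version "$2")
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    if version_ge "$ver" "$fixed"; then echo patched; else echo outdated; fi
}

# audit_inventory: read "host|channel|version text" lines on stdin and print
# "host status" for every host that is not confirmed patched.
audit_inventory() {
    while IFS='|' read -r host channel text; do
        [ -n "$host" ] || continue
        st=$(chrome_status "$channel" "$text")
        if [ "$st" != patched ]; then
            printf '%s %s\n' "$host" "$st"
        fi
    done
}

# Constructed sample inventory (hostnames and reported builds are made up).
SAMPLE_INVENTORY='ws-01|stable|Google Chrome 105.0.5195.102
ws-02|stable|Google Chrome 105.0.5195.52
ws-03|extended|Google Chrome 104.0.5112.114
ws-04|extended|Google Chrome 104.0.5112.101
ws-05|stable|Google Chrome 104.0.5112.114
ws-06|stable|version not reported'

sample_report() {
    printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
}

sample_report
```

Hosts that report no parseable version are listed as unknown rather than silently passed, since a missing version says nothing about whether the fix is installed.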
Chrome 105 security update
The official post on the Chrome releases blog offers little information. The security issue that is patched in the new version of Chrome is rated high, the second highest rating after critical.
[$TBD][1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30
What expedited the release of a security update is the fact that the issue is exploited in the wild. As always, Google does not provide additional information at this point. The scope of attacks targeting the vulnerability in Chrome is unknown.
Mojo "is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries" according to documentation on the Google Source website.
Now you: when do you update your browsers?
Will Ghacks be covering ChromeOS stable channel release 105.0.5195.134, or problems associated with this version? There’s been no mention to date (9/25/22).
Our application written in PHP broke with this release. We have never had a problem with releases in the past. Anybody else have issues?
I never understand Firefox lovers and their endless debates against chromium, chrome, Google etc. If you think about it, they actually bite the hand that feeds them. The majority of Mozilla’s income comes from Google, they have a deal that pays Mozilla’s bills. Google pays the bills of their favourite browser:) I am sorry I don’t see any difference between using Firefox or a chromium based browser. They are all developed because Google pays the bills with money from ads. I don’t understand the difference because I know that in real world what matters is money. Again, Google pays the bills of your favourite browser:)
@Iron Heart/No anonymity/Jody Thornton/Google Firefox vs Google Chrome/sock puppet
If you love Google and what they stand for. then by all means use and promote Chrome, nobody is stopping you.
If Firefox is really Chrome, then why do you hate it so much? Why do all Google fanboys always mention Google pays the bills? It’s well known that Mozilla gets Google search money. Mozilla does not hide it. Why do you need to mention it in every single post?
It’s not unprecedented. Monopolies often financially support token opposition to avoid anti-trust problems. Years ago, Microsoft did it with Apple and WordPerfect by investing in them. I don’t understand why this is such a big revelation in need of constant repeating. What I don’t understand is the extreme hatred for Mozilla. It’s just a browser people.
@Anonymous
> If you love Google and what they stand for. then by all means use and promote Chrome, nobody is stopping you.
I don’t love the Google data collection. At the same time, I have no reason to hate the Chromium open source code. There are versions of Chromium that respect user privacy, like Brave or Bromite or Ungoogled Chromium. Chromium is not Chrome and using Chromium does not mean that I support Google’s data collection (i.e., the way they actually make money). This is IMHO a nonsense claim made by Firefox fans in order to push the product, using Chromium = being OK with all of Google’s actions, including privacy violations = evident nonsense.
> Why do you need to mention it in every single post?
I don’t mention it in every single post.
The fact is, the Firefox fans here are asking for it by claiming that Mozilla is supposedly independent (“last best hope against Google”, yes they really said that) and in opposition to Google. Neither their finances nor their actions so far support this claim in any way.
> Monopolies often financially support token opposition to avoid anti-trust problems.
Yeah, but how is that good news for Mozilla? This basically means they are not really independent.
> What I don’t understand is the extreme hatred for Mozilla. It’s just a browser people.
Take a look at their leadership and their “vision” for the web, buddy. 2022’s Mozilla is not 2004’s Mozilla. Add to that constantly repeated yet unsupported claims about their supposed independence, or their supposed security advantages (of which they have none), or the Manifest V3 scarecrow at least Brave users really don’t need to care about (= misleading claims about competitors) etc. Is it any wonder? Also, disliking Mozilla does not mean that one can’t also dislike Google and their practices.
Enjoy your manifest v3 in january. That’s your difference chromefan.
@Anonymous
> Enjoy your manifest v3 in january.
I at least shall enjoy. Brave’s internal adblocker does not even use extension APIs. :D
> difference
LOL.
I will Anonymous, and make no mistake. Google Firefox will adapt to it too. After all Google is paying the bills:)
@Google Firefox vs Google Chrome IronTard sockpuppet name
Can’t wait for January.
@Jody Thornton
> [I’m not of the belief that Iron Heart is misinformed.]
> [If he misquotes something or erroneously spreads misinformation, I think it is truly by mistake.]
I am of the belief that Iron Heart is misinformed about a lot of things. I also am of the belief that the guy hasn’t a clue what he is talking about as regards privacy and security discussion topics. But that is just an opinion. I believe he deliberately spreads misinformation about Firefox browser in the comments, “as an act of urging on Firefox users” in a type of provocation into replying to him, so he can reply with walls of text and delusional opinions, in attempts to scare them off, so that in his own mind, he can see it as a win.
Very foolish behaviour if you ask me. A drama queen. There are reasons why people say they have UBO filters especially for him. Let’s not forget that.
He was told many times on this comments section that Firefox has sandbox and site isolation technology built into the Gecko browser code on desktop, but he continues to say it does not. As @Yash says, kind of pointless to argue with people like that.
He thinks that if he can get in the last comment by shouting over other people, it makes him look better. Lol.
He gets an ego boost when people like you agree with him. @Thornton.
Guess that is why he lives in the Ghacks comments section as a form of “social media addiction” waiting for the “Ego Boost” he so desperately craves from people like you agreeing with him. When people disagree with him, he appeals to the moderators to help him stop the comments that disagree with him. Lol. See this behaviour from him here.
https://www.ghacks.net/2022/08/31/google-chrome-105-fixes-24-security-issues/
@Iron Heart commented – The moderator suppresses any posting of factual sources that compare the actual base code, but lets propagandists who try to fool people with ill-informed statistics have a field day, also bringing the blog into disrepute. Again, this is very sad.
@Iron Heart commented – I think something needs to be done about this;
Pathetic bitching from @Iron Heart. Only he can be right, no others are allowed to have an opinion only him, yet he says he is for free speech. The guy acts like a complete control freak around the comments sections. Lol.
> However, I’m finding sites that just don’t work on Firefox to be increasing.
Never had a problem myself.
> Living in real life, I need to use what allows me to get my work done, and increasingly that’s becoming something built on Chromium.
Use what works for you. My criticism of chromium browsers is an opinion. I trust the statistics that basically say that chromium browsers get a lot of very bad security issues. No other browsers get as much security problems. I will not ever use such browsers due to that fact.
> Additionally, Mozilla constantly changes and deprecates features with each version, neutering Firefox of its ability to be customized.
I see nothing only improvements from Mozilla security wise and privacy wise in Firefox. For example you can say that Pale Moon is more customizable, But does it have RUST or FISSION? Pale Moon has none of the advantages from QUANTUM Firefox.
> I’ve never heard of this madaidan fellow until recently, but from a Google search, it’s hard to decipher whether or not he’s credible for security
I believe most of his security advice is terrible. But again that is just an opinion.
The problem with advising people to use proprietary software over FOSS, is that with proprietary software the code can only be confirmed to be secure by the company that made the code, but with FOSS the code can be confirmed to be secure by a much wider and larger community of people, because the code is FOSS.. If the code is insecure in FOSS, it would be known about faster, thus it can be made more secure more easily. With proprietary software you would just have to trust the company that makes the software and take their word as truth when they tell you that their product is secure.
No thanks windows or google chrome, better software choices out there.
> Remember that security through obscurity argument that fans of Windows 98 and XP used to make once Windows 7 became more commonplace? Could that same argument not be made for Firefox?
No, the same argument can not be made for Firefox, windows has a history of having the worst operating system security problems. It would be a really stupid idea to compare a FOSS browser like Firefox to proprietary windows. Firefox is a well maintained browser liked by the FOSS community. It is not as if something better has taken its place. Firefox is installed by default on many linux distros for a reason.
> take the arguments he makes of Mozilla Money gifted from Uncle Google
And? Does Google own Mozilla? Nope.
Have mozilla survived without a google search engine deal previously? Yes, they had a search deal with Yahoo.
@No anonymity
> Well said – I find @Iron Heart’s posts informative in that they challenge pre-conceived notions and invite further research, whether you agree with them or not
I don’t know if this guy is actually serious or is it just sarcasm? But i found this comment pleasantly entertaining, i laughed.
> My remark about ‘shills’ was aimed at @Gnu Linux Sophistication who seems to have an obsession with using that term.
I have not called anyone that word “shill” here. If you have reading glasses, i suggest you wear them as your eyesight might be failing you, probably should go see an eye specialist for an eyesight check.
You seem to be confusing me with another poster.
> @Iron Heart commented – The place where you can freely post misinformation and use it to shill Firefox is called r/firefox.
> @Iron Heart commented – If you guys are not desperate shills who should seek out that lovely place, I don’t know who is
> @Iron Heart commented – He is the shill, and should be described as such based on how he behaves
> @Iron Heart commented – In your case, as well as in the case of @Andy Prough @Tom Hawack @Karl and @GNU Linux Sophistication, what I said was just the plain truth. If you guys are not desperate shills who should seek out that lovely place, I don’t know who is.
> @Aluminium commented – Also why do you use the word “shill” so much?
Iron Heart’s favorite word, he believes everyone that disagrees with him is a shill Lol.
@No anonymity
> @Iron Heart seems to be accused of being one for Google and Chrome when he has made it clear time and again here (or at least to my reading) that it is Chromium he is talking about, and specifically Brave which he uses.
You do realize Chromium is a google invention? a browser codebase where they have the most commits along with M$? Where do you think Brave browser gets its browser codebase from? Do you think they built the chromium codebase themselves?
Thankfully this comment section has intelligent posters such as @Tom Hawack, because if it was just these two, @No anonymity and @Iron Heart, the collective IQ of the comment section would be in the low double digits.
@Tom Hawack commented – Democracy is the right for all to express themselves and decide accordingly, not the expression of truth on the ground of a majority’s choices.
Tom Hawack has good taste in quotes.
@GNU Linux Sophistication
Such a long ass wall of text just to complain and whine about me, doesn’t it get old? In terms of space, your ramblings occupy a sizable part of the comments section, with little to no valuable information given. You say lots of things like “He is misinformed” again and again etc., but you were not able to refute anything I said so far. Sure, you reply with whataboutisms and strawmen and stuff that sometimes hardly relates to what I’ve written before, or you move goalposts, or any other possible trick in the arsenal apparently, but I have not yet seen one occasion where you have actually and credibly proven anything I’ve said wrong. What I said about the sandbox and site isolation is accurate (site isolation not being implemented as long as sites can still share the same process, which is NOT real site isolation, or the sandbox not being operational on various operating systems etc).
What is especially laughable is that you said that people basically can’t agree with me out of fear that it could “boost my ego”… Like, how pathetic is that? You can’t convince anybody that what you say is anywhere close to factually correct, “but please, please, PLEASE don’t ever agree with Iron Heart, as it might boost his ego wha wha wha!” I genuinely laughed my ass off about that very sentence.
What I said about you being a shill (oopsie, again!) is confirmed once more by your most recent comments which are unreflected advertising (alternating with personal attacks). This drags down the quality of the comment section and if the moderator feels like he must ban factual sources just because they are “controversial” with the fanboys, I don’t see why he should show any leniency towards comments like yours, which solely and exclusively consist out of personal attacks and enmity.
I violated my self-set policy not to reply to your nonsense again because I can’t let such monumental garbage stand, just so you know.
PS: Whether or not Tom Hawack blocks me is of no consequence at all. He doesn’t value my contributions, this is fine by me. I don’t particularly value his either. We are good.
@Iron Heart
According to ‘No anonymity’, calling anyone who disagrees ‘shills’ confirms your “stuff reads like ramblings of teenagers wanting to sound knowledgable (sic) and important without knowing the first principles of what they are talking about.”
Just regarding your comment –
“> However, I’m finding sites that just don’t work on Firefox to be increasing.
Never had a problem myself.”
Unfortunately, over the years I’ve personally reported several malfunctioning sites to the Firefox devs (usually through the webcompat extension/Github) and I do bump into ones every now and then. I guess you’ve been lucky so far, but from what I see the problem is real. Not a massive one (yet) for sure, but there’s more sites which malfunction on Firefox and work fine on Chromium than vice versa. And it’s annoying, because I really dislike switching between browsers.
Having said that, at least 3 of the sites I’ve reported have been fixed either by FF or the sites’ admins, so clearly there’s some positives there too.
Addendum:
And that’s before we account for Google-specific sites which – deliberately – work less well on Firefox, such as no offline functionality for Google Drive/Docs, or limited functionality in Google Duo’s web version.
@ShintoPlasm,
If you care in the slightest about Firefox, I recommend you try Floorp (based on the latest version of Firefox ESR).
Its developers are a group of (6) current high school students in Japan.
They are friends who have been studying with “Uniant” or “VCborn” and are now using the results to support the development of browsers, search engines, etc.
(10s) generationally unaware of other than Google and Microsoft.
Then, they decided to independently develop the Chromium browser, but last year they learned about Firefox and ….. are a developer with the following background.
Uniant · GitHub
https://github.com/Uniant
VCborn · GitHub
https://github.com/VCborn
Forked browsers “tend to be late in applying updates from upstream” and development support is often not encouraging, that’s why the “Floorp” development team is aware of this and declares, real-time application of updates from upstream and act positive (responding to requests) user support.
Floorp browser,
https://www.ghacks.net/2022/08/23/firefox-104-analyze-a-websites-power-usage-and-ui-throttling/#comment-4546493
https://www.ghacks.net/2022/08/30/firefox-104-0-1-fixes-youtube-playback-issues/#comment-4546952
Frea Search,
https://www.ghacks.net/2022/08/23/firefox-104-analyze-a-websites-power-usage-and-ui-throttling/#comment-4546664
Give it a try if you like.
Floorp: Source code for Floorp browser version 10 and above Firefox | GitHub – Floorp-Projects
https://github.com/Floorp-Projects/Floorp
On September 4, 2022,
the latest version of Microsoft Defender, version 1.373.1508.0, was released.
However,
“Microsoft Defender” false positives Chromium browsers such as Google Chrome and Microsoft Edge, and Electron-based apps such as WhatsApp, Discord, and Spotify as malware (“Behavior:Win32/Hive.ZY”).
Moreover, the warning message is re-displayed many times, as it cannot be resolved manually.
Windows Defender is reporting a false-positive threat ‘Behavior:Win32/Hive.ZY’; it’s nothing to be worried about | Windows Central
https://www.windowscentral.com/software-apps/windows-11/windows-defender-is-reporting-a-false-positive-threat-behaviorwin32hivezy-its-nothing-to-be-worried-about
Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-falsely-detects-win32-hivezy-in-google-chrome-electron-apps/
After confirming this defect, Microsoft released version 1.373.1537.0, which fixes the problem.
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes?requestVersion=1.373.1537.0
Behavior:Win32/Hive.ZY threat description – Microsoft Security Intelligence
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Hive.ZY&ThreatID=2147830806
Google will add a ‘Battery Saver mode’ indicator to the Chrome toolbar:
https://redd.it/x5qrcq
@GNU Linux
I’m not of the belief that Iron Heart is misinformed. When you really examine his responses, he puts a LOT out on the table, without sounding like he has to dot “Is” or cross “Ts”. I find when people go into a lot of nuance and detail, they tend to be more credible and honest. If he misquotes something or erroneously spreads misinformation, I think it is truly by mistake.
I still use Firefox, but I’m increasingly becoming disenchanted with it. I sat in the Pale Moon camp for quite a long time, until six or seven years ago, when the arrogance of the Pale Moon team drove me back to Firefox. I’ve flirted with Waterfox now and then, but it doesn’t seem like Alex differentiates from Firefox much, and I find Alex Kontos can be just as stubborn and arrogant.
I’ve embraced the Firefox v57 Quantum environment, most notably the Photon shell in ESR versions 60 and 78, since it goes so well with Windows 8 in appearance. As of ESR 91 and 102 versions though, I’ve needed to hack userChrome.css to get that appearance back. However, Mozilla has made lots of other little changes that affect functionality, such as the download file dialog box changes, the location of temporary downloads while viewing (they’re just placed in your downloads folder now, and NOT removed), and not the least, rendering changes so that if I make changes to prefs in about:config to control rendering flow (such as content.notify items or nglayout.intialpaint.delay), they are pretty much disregarded.
However, I’m finding sites that just don’t work on Firefox to be increasing. On my last two hospital visits, when I needed to go online for a medical survey preceding my appointments, and for certain work-related projects, I’ve needed to use a Blink based browser. Edge and Vivaldi both worked. Now whether or not testing was NOT done on Gecko is NOT an issue for me to worry about. Living in real life, I need to use what allows me to get my work done, and increasingly that’s becoming something built on Chromium. It’s not for me to worry about whether the site’s development team should have tested against Gecko. If I were to ask them to check against Firefox, they might say, “Fire-what? Fire-sale? Fire-wolf? What was it?”
The truth is that it’s well known that Google pays Mozilla a crapload of dough for including search, but it does appear that Google is subsidizing Firefox so that the appearance of open competition is maintained. Additionally, Mozilla constantly changes and deprecates features with each version, neutering Firefox of its ability to be customized. I figure that userChrome.css editing will soon be on death row as well.
I’ve never heard of this madaidan fellow until recently, but from a Google search, it’s hard to decipher whether or not he’s credible for security analysis work. However, some of Iron Heart’s arguments do make sense. If code is touched and used more (such as in Chromium), then a greater number of potential security exploits can be expected to be found. Remember that security through obscurity argument that fans of Windows 98 and XP used to make once Windows 7 became more commonplace? Could that same argument not be made for Firefox?
Let’s get back to Iron Heart’s credibility: take the arguments he makes of Mozilla Money gifted from Uncle Google, the madaidan security fellow, and security through obscurity point, and I’ll tell you where he’s bang on the money. With respect to the r/firefox subreddit. They positively, absolutely REFUSE to discuss any of it. Even other posters on the sub get leery of the moderator’s intentions. Is he hiding something? Is he involved somehow? I mean why would they go to the lengths that they do to muzzle such conversation? The moderators boil it down to conspiracy theory and trying to avoid toxicity on their subreddit. However, I asked him, “If you’re comfortable in your own convictions that nothing nefarious is going on, then why worry about what anyone says to the contrary?”
Guess what? No answer. The moderators just appear to not like having their beliefs questioned, or their ways challenged. I recall several Pale Moon people like that (Sadeji [sp?], moonbat, you name them). They just toe the party line, no matter what.
More to the core point though, I think Iron Heart is really just someone you vehemently disagree with, rather than should dislike? What he says irks you because you so want to believe that Mozilla brings the superior option. Whether or not that’s true, Google and the Chromium Gang (Edge, Opera, Vivaldi, add to the list …) are eating Mozilla’s lunch. I really find Iron Heart’s analysis fair. He just gets “ugly” when he’s challenged by the ultra-Firefox guys like yourself, as though you were trying to egg him on.
I’ll leave it at that.
Your posts are almost as long as Iron Heart’s.
@Jody Thornton
Well said – I find @Iron Heart’s posts informative in that they challenge pre-conceived notions and invite further research, whether you agree with them or not (and thanks to him I have tried Brave and like it after using Firefox for years because it was the only one I knew about) – the other guy in this thread just parrots dogma (for example, the references to Stallman as though whatever he says comes from the mouth of a God) and aside from abusing everything in sight he doesn’t agree with seems incapable of having a mature conversation. I use Linux as well but it isn’t a religion – it just happens to be easier to install on this computer I was given with no OS installed.
I find many of these so-called privacy communities out of touch with the real world. As an older guy who has been fighting the actual privacy battle for decades (nothing to do with computers) most of the stuff reads like the ramblings of teenagers wanting to sound knowledgable and important without knowing the first principles of what they are talking about. Calling anyone who disagrees ‘shills’ confirms it.
quote by Iron Heart:
“The place where you can freely post misinformation and use it to shill Firefox is called r/firefox.”
quote by No anonymity
“most of the stuff reads like the ramblings of teenagers wanting to sound knowledgable and important without knowing the first principles of what they are talking about. Calling anyone who disagrees ‘shills’ confirms it”
@Aluminium
In your case, as well as in the case of @Andy Prough @Tom Hawack @Karl and @GNU Linux Sophistication, what I said was just the plain truth. If you guys are not desperate shills who should seek out that lovely place, I don’t know who is. That’s not an insult, that’s how I (and many other people, including the people you reply to) perceive it.
I also replied to a comment that was extremely childish and was not deserving of any other reply. Your hate for me and notorious inability to deal with differing opinions is childish to a laughable degree as well.
@Iron Heart
>”In your case, as well as in the case of @Andy Prough @Tom Hawack @Karl and @GNU Linux Sophistication, what I said was just the plain truth. If you guys are not desperate shills who should seek out that lovely place, I don’t know who is.”
That’s odd. I thought it was Google who once again tripped over their own feet and exposed their users to harm. I guess I was wrong – thanks for correcting the record and showing that it was clearly Andy Prough who is responsible for this zero day exploit.
There is no need for anger and name calling. All I did is quote yourself and No anonymity. No anonymity is the one who made the remark about “shills”. Take it up with him.
@Aluminium My remark about ‘shills’ was aimed at @Gnu Linux Sophistication who seems to have an obsession with using that term. @Iron Heart seems to be accused of being one for Google and Chrome when he has made it clear time and again here (or at least to my reading) that it is Chromium he is talking about, and specifically Brave which he uses. And then @Gnu as part of one of his long-winded rants above accuses him of confusing Chrome and Chromium…
In any case I think @Jody Thornton has summarised everything here better than I could do
It’s obvious that No anonymity is a parody account. Don’t try to make sense of it.
@No anonymity
Use ctrl-f and count how many times Gnu used shill and then count how many times IH did, go ahead I’ll wait. Hint: Gnu=0 That’s why I thought you were talking about IH.
@No anonymity
Gnu never used the word shill in this thread. Iron Heart did, multiple times. As far as long-winded rants, they are both doing that.
“Never Wrestle with a Pig. You Both Get Dirty and the Pig Likes It”
@Anonymous
> Gnu never used the word shill in this thread.
He is the shill, and should be described as such based on how he behaves. I am not taking that back at all considering what I’ve read of him so far. It’s an apt description.
> “Never Wrestle with a Pig. You Both Get Dirty and the Pig Likes It”
Yes, the odor of your comment is awful. Reeks of dishonesty and “I need to defend my team”-tribalism, Ms. Piggy.
> shills
Read the comments and tell me they aren’t. Includes you too, btw.
You want serious replies from me? Write serious comments, then. I have no issue with @no anonymity, I have an issue with you and your lot though.
> anger and name calling
More like pure annoyance at this point.
Also why do you use the word “shill” so much?
@Anonymous
> What you reported denotes that you don’t know the subject, so please avoid calling things you don’t understand/know stupid.
I am truly impressed with your one line sentence and deep philosophical insight on browser security.
*Edit and source link to show that Iron Heart hasn’t a clue what he is talking about (as usual) regarding Linux Firefox sandbox and how some information on madaidans blog is very outdated. All the misinformation Iron Heart spreads about Firefox is getting old.
> Firefox (…) on Linux/X11
Comment from Iron Heart > …is still a joke, read the article.
Comment from Iron Heart > no sandbox on your favorite OS, Linux, either.
Such nonsense.
Source reference,
The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11).
https://news.itsfoss.com/firefox-99-release/
@Iron Heart
> So yes, you can audit the browser itself, it’s called Chromium.
Chrome is not the chromium browser, two different things. Chrome is a proprietary browser.
Do you think people are stupid as to believe you? If chromium was the same as chrome then why is there ungoogled chromium or chromium?
> proprietary binary blobs
Still proprietary!
> Bloated is not even true,
Yes it is true.
Firefox slightly over 20 million lines of code, Chromium codebase is far more bloated with over 30 million lines of code and no RUST like in Firefox code.
> Seems appropriate and not excessive for what it does.
> Lines of code is not how you measure so called “bloat
Chromium codebase = more attack surface than Firefox because chromium codebase has more lines of code. Firefox is a safer browser. Statistics prove that.
> Because actually, it doesn’t have a sandbox at all and does not do real site isolation either
Erroneous statement once again. Why persist in spreading misinformation?
Reference source.
https://www.pcgamer.com/firefox-950-update-comes-with-beefed-up-sandbox-security/
https://www.theverge.com/2021/12/6/22820045/firefox-rlbox-sandboxing-technology-security-subcomponents-modules
> Is buggy, not enabled by default, and does not work on all operating systems. Firefox has no real sandbox on Android and no sandbox on your favorite OS, Linux, either.
Seems like you never heard of Apparmor/Firejail for Linux and FISSION for Firefox.
> Google aims to improve the security of the browser as well,
You mean the browser with the worst security? Google chrome?
> If you think I bash him when I say that he is neglectful in his argumentation towards the very real possibility of abuse, then so be it. I DON’T CARE!
You say he is neglectful in his argumentation, i think that is a form of dislike for gorhill.
> What’s a “privacy device”, pal? Hope you don’t talk about PCs because they sure as heck are not, they share most characteristics with smartphones and tablets.
Erroneous statement.
In China people have to provide a facial scan to use a smartphone.
Reference source.
https://www.theguardian.com/world/2019/dec/02/china-brings-in-mandatory-facial-recognition-for-mobile-phone-users
You think smartphones are privacy devices? Lol think again.
> Don’t care, not least because most of his criticisms are also true for other devices, most especially PCs.
Comparing smartphones to desktop computers is a stupid argument.
> None of the most attacked components of Firefox are actually written in Rust.” – Can you read? If that is still the case, and it is, then it does NOT strengthen Firefox’s security
Erroneous argument as a more safe programming language like RUST in a browser codebase strengthens security, it just so happens to be that Firefox is the browser most written in RUST.
> Rust is not the magic pill you think it is.
Rust is seen as the most safe programming language, not just me saying it but many security researchers.
> . Madaidan is generally well-respected,
By people who promote closed source software like chrome and windows. That is you. I don’t respect his advice, i think it is some of the most stupid tech advice i have ever heard.
> recommend anything
He recommends windows in S-MODE. With that mode, presumably users can not even download tools such as O&O shutup10 as it is likely not in the app store. I don’t know i don’t use windows, but i expect that shutup10 app would not be in the app store Lol.
> Firefox (…) on Linux/X11
>…is still a joke, read the article.
Firefox has been strengthened on Linux months ago. His blog is outdated. Linux does not just use X11 also, a lot of distros are moving towards using wayland, something he also failed to mention lol.
> Madaidan posts his Linux hardening guide for a reason. And hardening Linux to the degree where its security matches even default Android or iOS, is non-trivial. Also note that security and privacy are not the same thing, before you reply with bullshit again.
No privacy without good security. Linux does not need to be hardened like he says as he gives no examples of a threat model for such hardening. If one wants to harden Linux there are easier options like using Fedora, Qubes, or Tails.
Linux distros like Tails are way more secure and private than android as Tails is amnesiac.
> OK, if it’s a lie, then do me the favor and refute the madaidan article
Anyone who promotes the browser chrome, a browser riddled with constant security problems over a safer browser like Firefox is somebody that hasn’t a clue what he is talking about and gives terrible security device.
madaidans articles have been refuted many times.
Example? Chromium based browsers could not possibly be safer to use when the statistics say they get the most security problems. Let’s not pretend that Firefox has no good security.
His “Linux hardening guide” largely only relates to things that are only theoretically vulnerable, He pushes the idea that because “Systemd in Linux” has a big codebase, that therefore it has a larger attack surface, and that his “Linux hardening guide” is the answer for more security, which is mostly nonsense for linux users. That level of hardening and modifications are not needed by average linux users who already have strong security by default from using well reviewed, well maintained major linux distros that are very well maintained with security patches and have built in firewalls, and apparmor, selinux and firejail available in the package managers. Also in his article he fails to mention that systemd has lots of sandboxing mechanisms. He should be more concerned about using windows than Linux.
He acts as if “windows” is more secure, even though the code is completely “closed-source software” and can not be seen and analysed like the linux kernel can be by a massive FOSS community. Therefore since the code can not be seen, how can windows be considered to be more secure? When statistics also say windows has far more security problems than Linux distros.
> Who cares? 2% of all PC OSes,
You do realize that android is based on a modified Linux kernel? You use GrapheneOS? You are using Linux kernel engineered code that was modified by google. As I said you are ignorant.
> as by default Linux will accept app installation from any source, not just the package manager.
Package manager is the recommended solution. At least Linux is not windows S-MODE lol.
> In how far is Android, especially Custom ROMs, locked down?
Can you install Tails or various Linux distributions like Fedora on android smartphone devices? No you can not.
Custom ROMS are not amnesiac like TAILS.
> I don’t care either, and never will, as long as tower PCs don’t meet my usage criteria. Not to mention that they can still be compromised in literally any other way, just excepting microphone and camera.
Desktop computers can not be tracked like smartphones can. Location tracking is very strong on smartphones.
Use what you want, i don’t care, i am only saying that it is my opinion that smartphones are very privacy invasive.
> There is nothing privacy-invasive about GrapheneOS.
> IMEI, blah blah… I know that by now. Tells no one anything that the MAC address wouldn’t already.
IMEI is another hardware identifier on top of MAC.
> Look, PCs are fine, but they don’t offer exceptional security or privacy
Do you think that smartphones are used for security? Lol. Why do you think that Red Hat Enterprise Linux (RHEL) is a commercial open-source Linux distribution developed by Red Hat for the commercial market?
> There is no proof that closed sourced software suffers from sloppy programming or is of worse quality than open source OSes or applications
> FOSS is not necessarily more secure (and I say this as a proponent of FOSS where applicable). Whether the code is public or not is unrelated to code quality.
Typical windows user argument.
Which operating system is closed source and suffers from the most security problems? Windows.
Which browser is closed source and suffers from the most security problems? Chrome.
> But we know that he is a dev of skill
You are entitled to your opinion. However, I think he gives idiotic advice.
Any security expert worth their salt will always recommend the FOSS model as it allows greater security.
> Nah.
Oh man you must really hate FOSS, the lengths you go to defend the chrome browser from any criticism is an example of that.
Could you write longer posts, please? Everybody worships and loves your posts, but they are too short, consistent, on point and much too logical.
@You are the best, ever. EVER
Are you talking about IH or GNU Linux? It’s hard to tell.
@Aluminium
> Are you talking about IH or GNU Linux? It’s hard to tell.
Never realized that Aluminium can be salty.
ChromeFan is a parody account. Iron Heart is not. That’s a big difference.
There are some folks like Iron Heart who can’t prove a damn point to hang on to dear life. No point in arguing with them, right @GNU Linux Sophistication.
@Iron Heart
> Yeah, it never happens elsewhere…
Thunderbird is not a web browser.
Iron Heart comment style = Loses the argument, but keeps grasping at straws looking for any angle to hate on Mozilla by venturing off topic. Now we have gone from talking about browser security to Thunderbird a cross-platform email client.
> The project with more users and devs working on it will have more security issues discovered, doesn’t mean the security practices of competitors are better when they are not as used and tested.
Iron Heart still defending the erroneous concept that because a particular software has more users, it will have more security issues discovered, this is not always the case with closed source software like Chrome or Edge, where the closed source code is only maintained by Google and Microsoft. Closed source = Lazy programming environment where the code can not be reviewed by a wider community.
Iron Heart also still clutching at straws by pretending that FOSS Firefox is not used by millions of people and the FOSS code constantly under the watchful eye of Mozilla and a massive FOSS community. The only company that can maintain google chrome is google because the code is closed source.
> You know who works with Chromium code? Not just Google, but also Microsoft
All the more reason to avoid using chromium based browsers.
> They don’t even have real site isolation or a sandbox over there,
Again Iron Heart spreading lies and misinformation in a persistent manner, something he accuses others of doing frequently.
Mozilla’s Firefox Site Isolation offers protection from side-channel attacks, through a form of process sandboxing technology. The same security feature can also defend against problems arising from universal cross-site scripting (UXSS) vulnerabilities. Firefox Site Isolation technology means that documents from different websites are no longer rendered by the same process. Firefox has much of the same underlying Site Isolation technology as seen in chromium browsers, however Firefox is more secure as much of Firefox is written in rust.
@ChromeFan
Closed source > open source everyday of the week
> Who uses the Firefox codebase?
This is the reasoning and logic of people like Iron Heart and ChromeFan, very ignorant.
I have noticed that people who say they prefer to use Firefox, have greater technical knowledge about computing than people who talk crap about Firefox. People that use Firefox are the type of people that go out of their way to use something better than closed source chrome and edge.
I use ungoogled chromium (portable) as a secondary browser. It usually takes the devs a couple days to create the new version for download which I often apply immediately to my two desktop PC’s while keeping a backup of the older version just in case there is a problem with the new version (since it’s portable can just copy the old version back replacing the new version).
However because of the delay they just released the Aug 31 update this morning (105.0.5195.54). So it will probably be a couple more days before the latest version is released that has the emergency update.
But overall, that’s why I only use it as a secondary browser and only for a few well known websites in order to limit my potential exposure to these vulnerabilities that seem to occur too frequently in the Chromium code base.
As expected the latest Windows version (105.0.5195.102) of ungoogled chromium with the emergency update is available now via: https://github.com/ungoogled-software/ungoogled-chromium-windows/releases
I also use Ungoogled Chromium!
I’m currently using the most up-to-date version: Ungoogled Chromium v.105.0.5195.102!
This is the browser I use and no one else!
(Until a year ago, I used Cent browser, but its developer hid for a long time, lying that there will be new versions all year! Now it’s on some betas, which are 6 versions behind the current one!)
Me too. Although it’s a bit shaky when the ungoogled chromium developer posts professional sentences about version 105 like: “This version of Chromium is best described as crap.” Things like this and the sometimes VERY long wait between updates just makes me think the developer is a chainsmoking nervous wreck with multiple issues and ungoogled chromium is less important to him than a weekend drinking at the bar.
Oh well, it is what it is. Free stuff, so shouldn’t complain =)
105.0.5195.102 fixed video not playing on numerous sites.
I confirm that the problem with playing video on some sites has been fixed! Although there is no notice that this has been removed as a reason for the new version!
I’m impressed. I didn’t think that google would respond so quickly with a new zero day flaw when I said that 24 security flaws wasn’t nearly high enough to satisfy the ‘google theory of numbering things’ (“GTNG”).
But to their credit, google won’t be satisfied until they hit an even 100 flaws per month.
@GNU Linux Sophistication
What you reported denotes that you don’t know the subject, so please avoid calling things you don’t understand/know stupid.
@Andy Prough
> 100 flaws per month
Dude, 100 flaws per month discovered and fixed would be better than 100 flaws that are in a code that hardly anyone audits, but that could easily be exploited at any moment. Cheers.
@Iron Heart –
I’m glad to see that we agree, as usual. Google’s relentless march toward 100 moronic programming failures per month and 100 moronic zero day exploits per 3-year-period is going to be a stupendous leap forward for humanity. We should celebrate it with a gigantic countdown clock, like for a spaceship launch.
@Andy Prough
The place where you can freely post misinformation and use it to shill Firefox is called r/firefox.
@Iron Heart
The place where you can freely post misinformation and use it to shill Google is called r/google.
@Iron Heart
Too bad I don’t use Firefox, when I go to that site with the links2 browser all I see are complaints about Firefox. And an advertisement for a movie called ‘Medieval’. Do you have to use Firefox to see all the shill posts?
the flaws are users still trusting the fox, exploited every startup at least.
Oh but marshall, head of marketing and trust, from homeland security and nicole from the u.s. disinfo dept say please bro just trust us bro please… so we should keep trusting, hoping that random eric guy wont do more backdoors… and what google trackers? google bad we’d never do that honest ..!. i mean ;) trust us bro…
“Internet Explorer is more secure or something than Firefox” Chrome and its fans is same as Internet Explorer and its fans 15 years ago.
@Iron Heart
> Yeah because no other browser is being used as much, and receives as much scrutiny.
False erroneous statement and/or misleading information. Chrome receives scrutiny? A closed source browser like Chrome only receives scrutiny from google, which creates an environment of lazy programming as the code can only be observed by google and not the wider FOSS community.
Chromium codebase whilst being FOSS can be observed by the wider community, but it has become so bloated at this stage, bugs and security problems are taking longer to be found if found at all, as the code has well over 30 million lines of code that google keeps adding to.
> Browser with no real site isolation and no sandbox is safer?
False erroneous and/or misleading information. Firefox has sandbox and site isolation mechanism built into the browser.
Reference sources for news about Firefox new sandbox mechanism.
https://www.pcgamer.com/firefox-950-update-comes-with-beefed-up-sandbox-security/
https://www.theverge.com/2021/12/6/22820045/firefox-rlbox-sandboxing-technology-security-subcomponents-modules
> Yeah because letting extensions (including malicious ones) intercept and redirect all connections is a good idea. /s Which is precisely what the webRequest API does.
No surprize Iron Heart advocates for limited ad blocking and supports googles ideas. Notice his dislike of gorhill too. He talks crap about UBO.
> Ask experts like Daniel Micay (dev of GrapheneOS) what he thinks about the security practices of Firefox (or rebranded Firefox, i.e. LibreWolf).
No one is a privacy expert if they recommend smartphones as a privacy device in my opinion. There you go again, making it all about grapheneOS and smartphones lol. Stay on topic please, the news was about chromes security problem.
Smartphones are used by countries like China/France to impede on citizens rights by requiring them/required them to have ID passes. Anyone who promotes smartphones as a privacy device are not very smart.
Stallman dislikes smartphones, i dislike smartphones too. If someone has to use a phone, Any older type phone is better than a smartphone in my opinion.
> None of the most attacked components of Firefox are actually written in Rust. Firefox vs. Chromium comparison
Rust is a safe programming language that strengthens Firefox security, a massive advantage over chromium based browsers.
> Nobody, including you, has successfully refuted the article so far…
Many security researchers laugh at the articles/ he is nothing but privacy and security theatre. Him recommending an insecure proprietary browser like Chrome makes him look stupid.
Some of his articles are completely out of date also.
One example = Firefox has strengthened security on Linux/X11 problem months ago.
> Good security practices don’t have to rely on something not being used / irrelevant.
Your argument is a really stupid one as you are pushing the idea that Firefox (even if less popular) as a browser has no good security which is a complete LIE.
> Because they are, LOL. Between desktop OSes accepting applications from shady sources, to no real permission model, to lack of application virtualization etc. How is that even a discussion?
Erroneous statement, false and/or misleading information.
Linux distros have secure package managers where software is safe. It is not advised to just go download apps randomly from the internet when many Linux distros have their own software package managers.
Permission model can be MUCH MUCH stronger on desktop towers than smartphones.
Examples 1 on Linux = Selinux, Apparmor, Firejail, Flatpaks. (Security getting stronger and improving all the time too)
Example 2 = desktop computers are the definition of open customizable hardware, don’t want WIFI? Well just remove the wifi card. Don’t want camera or Mic? Simple to unplug from USB. Also no IMEI.
Example 3 = Multiple options to compartmentalize various operating systems easily on desktop.
Want Tails? just put it on USB stick
Want Qubes? Just put it on USB stick.
Want Fedora? Just put it on USB stick.
No such options for Smartphones as they are locked down garbage
where cams and mics are nearly impossible to remove without damaging the hardware over time.
It is not as if people can just plug in tailsOS to smartphone like on desktop lol.
And again i say to you, stay on topic please and stop making this about grapheneOS in every discussion. I dislike smartphones as they are privacy invasive.
The most secure type of computing is always done on desktop not smartphones.
> because the statistics would tell you that the most used project is also the most searched for in terms of security issues.
Erroneous statement. The most used software are usually proprietary which creates a lazy environment for programming where the code can not be observed by the wider FOSS community.
That is why chrome and windows get more security problems than Linux distros and Firefox.
You have not a clue what you’re talking about, any security expert worth their salt will always recommend the FOSS model as it allows greater security. That is why people dislike the stupid madaidan blog, it is because he gives terrible advice as regards choosing software to use.
@Anonynmous
> madaidan is a security researcher
And? Is he your leader or something?
More like security and privacy theatre that gives stupid advice like saying chromium browsers are more secure when the statistics dismantle and destroy that ridiculous argument of his. He also promotes proprietary software over FOSS. No surprize that Iron Heart complains about not being able to spam the link to his blog, the stupid blog is laughed at in privacy communities worth their salt because he recommends proprietary software over FOSS.
@GNU Linux sophistication
> Chrome
…is just Chromium with different branding and some proprietary binary blobs, hardly something that adds anything that can be attacked. So yes, you can audit the browser itself, it’s called Chromium.
> but it has become so bloated at this stage, bugs and security problems are taking longer to be found if found at all
Bloated is not even true, if it was, it would use more RAM and CPU than FF, which is not the case. Lines of code is not how you measure so called “bloat” and this discussion is hardly related to security at all. And that we have lost oversight over the codebase and suddenly don’t understand it anymore, because… reasons, I guess? What’s your source for that? Is it “Trust me, bro”?
> as the code has well over 30 million lines of code that google keeps adding to.
Seems appropriate and not excessive for what it does.
> Firefox has sandbox and site isolation mechanism built into the browser.
You mean nominally? Or actually? Because actually, it doesn’t have a sandbox at all and does not do real site isolation either, because as the name already tells you, websites would have to be actually isolated from each other. In Firefox, different websites can still share the same content process, so it does NOT meet the definition of site isolation.
> Reference sources for news about Firefox new sandbox mechanism.
Is buggy, not enabled by default, and does not work on all operating systems. Firefox has no real sandbox on Android and no sandbox on your favorite OS, Linux, either.
> No surprize Iron Heart advocates for limited ad blocking and supports googles ideas.
*surprise
I support any idea that combats malware and enhances security, like every sensible user would. Google aims to improve the security of the browser as well, that’s kind of the job of some of their engineers, you absolute genius.
There are many ways to block ads, there are not so many ways to put a heavy dent into malicious activities. Know which path is smart to follow, and you know my position on this.
> Notice his dislike of gorhill too. He talks crap about UBO.
Dislike of gorhill? Talking crap about uBO? When and where? Source, if I may ask?
gorhill likes his extension of course, and it does do good for the user. It intercepts user-unfriendly connections and blocks them. That’s great! The same API can also be used by malicious actors for evil, however, as extensions can spy on all connections of the user and redirect them to possibly malware-laden destinations (easy invite for the next drive-by attack). This is a real issue (a very high amount of malicious extensions actually uses the webRequest API!) and gorhill never ever talks about it. Why? I don’t know, feel free to ask him. If you think I bash him when I say that he is neglectful in his argumentation towards the very real possibility of abuse, then so be it. I DON’T CARE!
> No one is a privacy expert if they recommend smartphones as a privacy device in my opinion.
What’s a “privacy device”, pal? Hope you don’t talk about PCs because they sure as heck are not, they share most characteristics with smartphones and tablets.
> making it all about grapheneOS and smartphones lol
Well you always talk about the big baddie “smartphone” and mentioning GrapheneOS should correct your BS.
> countries like China/France
…can decree whatever they want. Those are political issues. When countries say that you need to install specific programs, that does not mean that the basic OS is bad… It just means that the country demands you install certain programs. End of story.
Laws demanding certain applications be installed say nothing about the basic privacy characteristics of any OS (OSes are not identical with the applications running on them). They could also demand that your Linux PC needs to have a spyware application installed. Just saying.
> Stallman dislikes smartphones
Don’t care, not least because most of his criticisms are also true for other devices, most especially PCs. Stallman says educating things at times and plain bullshit at others.
> Rust is a safe programming language that strengthens Firefox security
“None of the most attacked components of Firefox are actually written in Rust.” – Can you read? If that is still the case, and it is, then it does NOT strengthen Firefox’s security. Going by this logic, I could also say that Brave’s internal adblocker being written in Rust (which is actually the case!) strengthens its security, but I don’t, because it’s not exactly a part of the browser that is under attack.
You are not a logical human being, if you were, you would understand that Rust not only needs to be nominally present somewhere in the product, you would also understand that specific components(!) need to be written in Rust.
And Rust is just a memory-safe language, it is not a fix for everything. Incidentally, I read a lot about decentralized technology daily, namely blockchains. One such blockchain is Solana, which is written in Rust. It’s getting hacked on a regular basis. Just so you know, (C)Rusty.
> a massive advantage over chromium based browsers.
…once any of the most attacked parts of Firefox is actually written in Rust, sure. But even then it’s never “massive”, because Rust is not the magic pill you think it is.
> Many security researchers laugh at the articles/ he is nothing but privacy and security theatre.
Can’t remember. I also can’t remember anyone actually refuting it so far. Calling bullshit on that one. Madaidan is generally well-respected, and so is the Whonix project.
> Him recommending an insecure proprietary browser like Chrome makes him look stupid.
He does independent analysis of code and explicitly does not recommend anything. And he analyzed Chromium, of which Chrome is just a variant. His analysis is also true for Brave or Bromite (both open source). But you knew that, didn’t you?
> Firefox (…) on Linux/X11
…is still a joke, read the article.
> Permission model can be MUCH MUCH stronger on desktop towers than smartphones.
Emphasis on “can be”, as in, “isn’t by default”. Madaidan posts his Linux hardening guide for a reason. And hardening Linux to the degree where its security matches even default Android or iOS, is non-trivial. Also note that security and privacy are not the same thing, before you reply with bullshit again.
> Your argument is a really stupid one as you are pushing the idea that Firefox (even if less popular) as a browser has no good security which is a complete LIE.
OK, if it’s a lie, then do me the favor and refute the madaidan article or what D. Micay has to say about FF. Should be no problem for you, even trivial, if what I said so far is incorrect! I’ll wait for the results (which will never come).
> Linux distros
Who cares? 2% of all PC OSes, I believe? Anyway, even then my criticism is still true, as by default Linux will accept app installation from any source, not just the package manager.
> No such options for Smartphones as they are locked down garbage
In how far is Android, especially Custom ROMs, locked down? What you say may be true for iOS, but certainly not Android.
> where cams and mics are nearly impossible to remove without damaging the hardware over time.
Hm, sure thing. You know, the moment cams and microphones start to record you, your software / OS has already been heavily compromised. If that’s the case, you would not only have to worry about cam / mic, but also about any file on the device, your conversations, and possibly your connections to any endpoint, as they might get monitored as well. Not sure why you are specifically singling out camera and microphone here, I guess because they sound scary and that’s the effect you want to achieve here, who knows.
All-in-Ones and notebooks, i.e. the vast majority of PCs, also have cams and mics built in, so they are not “fixing” the problem, are they? Sure, sure… I know what you will now tell me, “but, but, but, TOWER PCs”. Well, if more people had a use for them, they would be much more popular than they are right now, correct? So if most people have no use for them (because clunky, and not mobile), and when they consequently don’t care, why should I? I don’t care either, and never will, as long as tower PCs don’t meet my usage criteria. Not to mention that they can still be compromised in literally any other way, just excepting microphone and camera.
> And again i say to you
Oh, does it get biblical now?
> stay on topic please and stop making this about grapheneOS in every discussion. I dislike smartphones as they are privacy invasive.
The former sentence is the fix for the latter sentence. There is nothing privacy-invasive about GrapheneOS.
IMEI, blah blah… I know that by now. Tells no one anything that the MAC address wouldn’t already.
> The most secure type of computing is always done on desktop not smartphones.
Source: Trust me, bro.
Look, PCs are fine, but they don’t offer exceptional security or privacy (which are still not the same thing) either.
> The most used software are usually proprietary which creates a lazy environment for programming where the code can not be observed by the wider FOSS community.
Source: Trust me, bro.
There is no proof that closed sourced software suffers from sloppy programming or is of worse quality than open source OSes or applications. In theory, you can’t even make this claim because you know exactly zilch about the code of the closed source application!
What you say is not true especially(!) for browsers since Chromium is open source and Chrome, while closed source, does not differ much from Chromium (see above).
> That is why chrome and windows get more security problems than Linux distros and Firefox.
Uhm, nope. The code quality has nothing to do with whether or not the code is public. For all you know, they (MS) could write excellent code without ever publishing it for business reasons.
And putting Windows and Chrome in one sentence is laughable because we know of Chrome’s code via Chromium, to the point where the entire browser minus some proprietary binary blobs can be compiled. Whereas Windows is really closed source, as in, we really don’t know. And you hardly know anything either, regardless of open source or closed source.
> any security expert worth their salt will always recommend the FOSS model as it allows greater security.
Nah.
FOSS is not necessarily more secure (and I say this as a proponent of FOSS where applicable). Whether the code is public or not is unrelated to code quality.
> That is why people dislike the stupid madaidan blog, it is because he gives terrible advice as regards choosing software to use.
Haven’t heard of any major dislike, and it doesn’t even attempt to give advice. It provides analysis, not more and not less.
> And? Is he your leader or something?
No, my dude. But we know that he is a dev of skill while you are a babbling nobody who has no clue about anything. You don’t even understand the difference between analysis and advice.
Déjà vu…
I used to have the update notification go as long as possible. That’s because I’ve set to clear all cookies at exit. So I’d have to relogin to ~20 sites every time.
Now I update as soon as available. Because there’s a difference between “relaunch” (About Chrome menu) and closing and restarting Chrome. Relaunch only logs you out of Google.
Microsoft was almost as fast as Google with an Update for Edge Chromium. Unfortunately it doesn’t help with the MetricsReportingEnabled-problem.
I update when it’s available. Who wouldn’t? People that don’t respect security, being secure, innovation, and the free and open internet in which Google is a pioneer.
Security issues are not an issue, when the basics like video playback work without any issues, and ALL websites load quickly. Something certain browsers can’t do.
These certain browsers also have bugs that date back 15 years, haha. That is why no-one takes your browser seriously. They never have, and they never will. Closed source > open source everyday of the week, twice on a Sunday.
> The update addresses a security issue in the browser that is rated high and exploited in the wild.
Another critical security problem for Chrome. No surprize. No other browser gets as many security problems as Chrome/chromium engine codebase. Anyone still using chrome at this stage, should probably consider switching to something safer like Firefox, Librewolf.
Firefox users have been telling people for ages that chromium based browsers are not very safe security wise. People should expect that an ad-tech company writing browser code (chromium) is not exactly something good for the direction of browsers and web standards. Google is already limiting ad blockers with Manifest V3. The excuse? It’s for security LOL. You are talking about google there, the ad-tech company with the browser that gets the most security problems according to statistics.
Firefox users are correct not to trust chromium based browsers because of google as they have terrible security and privacy practices. Who would trust browser code authored by an ad-tech company? FOSS or not, i am not trusting that overbloated crap, the insecure chromium engine over the advanced rust programming in Gecko browser engine Firefox or Librewolf, both being much safer and secure browsers than any chromium based browsers.
People who use chromium based browsers are very vulnerable compared to the better security in Firefox and Librewolf with UBO or Noscript, Javascript turned off as much as possible, a simple toggle for that in UBO.
This goes to show that the madaidan blog or whatever he calls himself hasn’t a clue what he is talking about. He recommends using windows in S-MODE over Linux distros and chromium based browsers over the more secure browser written in rust, Firefox. LOL. Also he basically says that smartphones are literally more secure than desktop computing, that blog is really stupid.
Trust in statistics, not random opinions found on random blogs.
@binocry,
> nobody use firefox so no one want waste their time and effort to attack dying browser
Sheep don’t, for sure. Did you know that some of us aren’t sheep?
DUHH,
> Yeah, browsers that never get any updates are the safest.
Sarcasm is it? Firefox gets updated every four weeks and these updates don’t include old security ones as Chrome’s do.
@GNU Linux Sophistication is absolutely right, whoever madaidan may be. You can be a psychologist without a diploma and a security researcher as well. There’s no crown dedicated to “researchers” and one’s own experience should always prevail on researcher’s big thoughts : think & experience for ourselves.
Yeah, browsers that never get any updates are the safest. It’s because they have zero bugs and zero issues, their code is 100% secure from the get go. Yeah, that’s it. Same applies to phones, the safest ones are on Android 2 and lower. Computers too, Windows 95 should be used worldwide because it hasn’t needed any bugfixes since forever.
Must be easy and chill living with such a simple mind like yours…
I don’t think any malware that came out in the last decade or more works on Windows 95, so Win 95 would be very safe, assuming you find a network card that is still compatible with 95 and a browser that supports modern web standards.
nobody use firefox so no one want waste their time and effort to attack dying browser
madaidan is a security researcher. who are you?
There he is again, always with the same comment, slightly rephrased. Booooring. Anyways:
> No other browser gets as much security problems as Chrome/chromium engine codebase.
Yeah because no other browser is being used as much, and receives as much scrutiny.
> more safer like Firefox, Librewolf
Browser with no real site isolation and no sandbox is safer? I guess they get lucky insofar as nobody really gives a fuck anymore.
> The excuse? its for security LOL.
Yeah because letting extensions (including malicious ones) intercept and redirect all connections is a good idea. /s Which is precisely what the webRequest API does.
> terrible security and privacy practices
Terrible compared to what? Mozilla? LOL.
Ask experts like Daniel Micay (dev of GrapheneOS) what he thinks about the security practices of Firefox (or rebranded Firefox, i.e. LibreWolf).
> advanced rust programming
> secure browser written in rust, Firefox
None of the most attacked components of Firefox are actually written in Rust. I have told you this before, so I guess you are just pushing fake news at this point. If you had actually read Madaidan’s Firefox vs. Chromium comparison, you would know it too. But you haven’t, or at least you ignore the facts when it suits you.
> This goes to show that the madaidan blog or whatever he calls himself hasn’t a clue what he is talking about.
Nobody, including you, has successfully refuted the article so far… Probably because madaidan, contrary to you, actually looks at the base code, compares the respective security practices, and then bases his conclusions on that. He doesn’t need to misread and misuse statistical likelihoods like “Nobody uses my browser, therefore nobody cares to hack it, therefore it’s secure” like the garbage you push here. Good security practices don’t have to rely on something not being used / irrelevant.
I know of one attempted “refutation” and it got soundly destroyed by madaidan right then and there, on the FF subreddit. Now they are fearing the article and try to suppress it, I wonder why… Must be because of their great security practices: https://old.reddit.com/r/firefox/comments/wv8xly/why_is_madaidans_website_banned_here/ and https://old.reddit.com/r/firefox/comments/um0xip/why_is_this_sub_suppressing_discussion_of/
Notice how they never refute any point the article makes, just babbling about “madaidan bad”, it’s that laughable.
> Also he basically says that smartphones are literally more secure than desktop computing, that blog is really stupid.
Because they are, LOL. Between desktop OSes accepting applications from shady sources, to no real permission model, to lack of application virtualization etc. How is that even a discussion?
> Trust in statistics, not random opinions found on random blogs.
I wish people like you would, because the statistics would tell you that the most used project is also the most searched for in terms of security issues. Should be logical, but then, every salesman needs his pitch, I guess.
Firefox is better than Brave. That is the fact.
@Mine, undoubtedly IMO as well. “Truth does not wait for the number of votes” to quote Mahatma Gandhi.
Democracy is the right for all to express themselves and decide accordingly, not the expression of truth on the ground of a majority’s choices.
“Truth does not wait for the number of votes”
Talking about truth when it’s clearly a matter of taste. Your personal truth maybe, topped off with a smart ass quote that is not your own and which does not apply to the context. Good work there, Tom.
Chuckle.
“it may take days or even weeks before the rollout completes”
Not sure about that but Brave is almost instantly getting those updates. It’s 105.0.5195.102. Some people don’t get too much sleep.
just another zero-day patch day at chromium you guys, nothing to worry about – chromium are so used to it by now, it’s no longer relevant
if they’re patching 20 to 30 security exploits a month, and zero-day in-the-wild’s every month or two, just imagine how many they HAVEN’T caught
@adobe
> just another zero-day patch day at chromium you guys
Yeah, it never happens elsewhere…
https://www.ghacks.net/2022/09/01/thunderbird-102-2-1-launches-with-important-security-fixes/
> if they’re patching 20 to 30 security exploits a month, and zero-day in-the-wild’s every month or two, just imagine how many they HAVEN’T caught
There’s a better chance to catch zero days if the codebase is actually being used and scrutinized. You know who works with Chromium code? Not just Google, but also Microsoft, Opera, Amazon, Brave Software, Vivaldi Technologies, Intel, and thousands upon thousands of Electron apps. Who uses the Firefox codebase? Just Mozilla and the undermanned Tor Project, LOL.
It’s easy to find nothing when nobody uses your shit or bases any kind of software on it. Firefox has shoddy security practices and is 5 years behind Chromium minimum in terms of security. That’s just the facts. They don’t even have real site isolation (different parent domains can still share the same content process) or a sandbox over there, making escapes and exploits child’s play. The project with more users and devs working on it will have more security issues discovered, doesn’t mean the security practices of competitors are better when they are not as used and tested. Firefox is to Chromium what Solana is to Ethereum, if you know what I mean. A laughing stock.
You make it sound like only Mozilla and Tor contribute to Gecko, but for example Igalia does too. And BTW, Igalia is the biggest contributor to Blink after Google, but it’s not in your list.
I agree that more fixed vulnerabilities doesn’t mean that Chromium is worse. But Firefox being “5 years behind Chromium” is your opinion, not a fact. How do you even measure security in years?
@Anonymous
> Igalia
Fair enough. Will include them going forward, I don’t think this fixes the basic issue of the Gecko code base maintenance. Even if you include Igalia (who contribute to almost every somewhat major open source project, look it up), this is still not widespread organizational backing compared to what Chromium has behind it. 3 orgs instead of 2, which is still a low count, does not at all invalidate the manpower shortage in comparison.
> opinion, not a fact
It’s not only my opinion. Read the Madaidan’s Firefox vs. Chromium article (or what D. Micay has to say about FF) and you will probably agree, I find the comparison fair and not biased.
> How do you even measure security in years?
In terms of when things got implemented? Firefox still misses exploit mitigations that Chromium already had several years ago. Of course, in theory, they could catch up immediately and implement them all at once, but we both know that this is not realistic at all. Them continuing to lag behind (taking years to catch up) is reality.
“just imagine how many they HAVEN’T caught”
How many?