FS#45349 - [chromium] disable automatic download and execution of an external binary for "voice search"
Attached to Project:
Arch Linux
Opened by marchionne (marchionne) - Tuesday, 16 June 2015, 14:42 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 16 June 2015, 15:55 GMT
Details
Here's the original ticket:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909

Result of: chrome://voicesearch/

Chromium 43.0.2357.125 ()
Sistema operativo Linux
NaCl Enabled No
Microphone Yes
Audio Capture Allowed Yes
Current Language it
Hotword Previous Language it
Hotword Search Enabled No
Always-on Hotword Search Enabled No
Hotword Audio Logging Enabled No
Field trial
Start Page State No Start Page Service
Extension Id nbpagnldghgfoolbancepceaanlmhfmd
Extension Version 0.0.1.4
Extension Path /usr/lib/chromium/resources/hotword
Extension State ENABLED
Shared Module Id lccekmodgklaepjeofjdjpbminllajkg
Shared Module Version 0.3.0.5
Shared Module Path /home/jigen/.config/chromium/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0
Shared Module State ENABLED
Shared Module Platforms x86-32_it

So Arch Linux seems not to have updated it yet. Also, this incident totally defeats the concept of open source projects and package signing, since a signed and 'trusted' package actually downloaded and executed an unsigned, not open source, binary without any interaction of the user. This is exactly what a 'dropper' is in malware language.
Closed by Evangelos Foutras (foutrelis)
Tuesday, 16 June 2015, 15:55 GMT
Reason for closing: Implemented
Additional comments about closing: chromium 43.0.2357.125-2
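
A defender-side check for the condition reported above, as an added example that is not part of the original ticket or of Chromium: it scans every profile under the Chromium user-data directory for ELF files (NaCl .nexe modules are ELF) inside the Shared Module Id directory quoted in the ticket. The function names, the sample file names and the second extension id are assumptions made for illustration.

```python
import os
from pathlib import Path

# Shared Module Id as reported by chrome://voicesearch in the ticket above.
HOTWORD_SHARED_MODULE_ID = "lccekmodgklaepjeofjdjpbminllajkg"
ELF_MAGIC = b"\x7fELF"  # NaCl .nexe modules use the ELF container too


def find_downloaded_binaries(config_root, module_id=HOTWORD_SHARED_MODULE_ID):
    """Return sorted paths of ELF files under <profile>/Extensions/<module_id>/.

    config_root is the Chromium user-data directory (~/.config/chromium in
    the ticket); every profile directory directly below it is inspected.
    """
    hits = []
    for ext_dir in Path(config_root).glob(f"*/Extensions/{module_id}"):
        for dirpath, _dirs, files in os.walk(ext_dir):
            for name in files:
                path = Path(dirpath) / name
                try:
                    with open(path, "rb") as fh:
                        if fh.read(4) == ELF_MAGIC:
                            hits.append(str(path))
                except OSError:
                    continue  # unreadable entry: skip it, keep scanning
    return sorted(hits)


def build_sample_profile(root):
    """Constructed sample tree that mirrors the path layout quoted in the ticket."""
    ext_root = Path(root) / "Default" / "Extensions"
    module_dir = ext_root / HOTWORD_SHARED_MODULE_ID / "0.3.0.5_0"
    module_dir.mkdir(parents=True)
    (module_dir / "manifest.json").write_text('{"name": "constructed"}')
    # Hypothetical file name; the scan keys on the ELF magic, not the name.
    (module_dir / "sample.nexe").write_bytes(ELF_MAGIC + b"\x00" * 12)
    # An unrelated extension (constructed id) must not be reported.
    other_dir = ext_root / ("a" * 32) / "1.0_0"
    other_dir.mkdir(parents=True)
    (other_dir / "helper.bin").write_bytes(ELF_MAGIC + b"\x00" * 12)


if __name__ == "__main__":
    for hit in find_downloaded_binaries(Path.home() / ".config" / "chromium"):
        print(hit)
```

An empty result on a given machine means no ELF file sits under that module id in any profile; it says nothing about other extensions.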