Package: chromium Version: 89.0.4389.82-1 Severity: important Tags: security
I got an orange "Update" prompt near the omnibar today, as usual when a separately packaged Chrome installation wants to update itself. But this is not expected behaviour from the Debian packaged Chromium. I tried clicking on it and it appeared to go through the motions and restarted itself (very quickly, such that I don't think it can have actually done any updates). The browser is still running from /usr/lib/chromium/chromium (and isn't running as root). At the very least, this is confusing to the users who be misled into thinking that their browser has had secuirity fixes applied when it hasn't. And at worst, it's somehow managing to download code from the internet and run it. -- System Information: Debian Release: bullseye/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages chromium depends on: ii chromium-common 89.0.4389.82-1 ii libasound2 1.2.4-1.1 ii libatk-bridge2.0-0 2.38.0-1 ii libatk1.0-0 2.36.0-2 ii libatomic1 10.2.1-6 ii libatspi2.0-0 2.38.0-2 ii libavcodec58 7:4.3.2-0+deb11u1 ii libavformat58 7:4.3.2-0+deb11u1 ii libavutil56 7:4.3.2-0+deb11u1 ii libc6 2.31-9 ii libcairo2 1.16.0-5 ii libcups2 2.3.3op2-3 ii libdbus-1-3 1.12.20-2 ii libdrm2 2.4.104-1 ii libevent-2.1-7 2.1.12-stable-1 ii libexpat1 2.2.10-2 ii libflac8 1.3.3-2 ii libfontconfig1 2.13.1-4.2 ii libfreetype6 2.10.4+dfsg-1 ii libgbm1 20.3.4-1 ii libgcc-s1 10.2.1-6 ii libgdk-pixbuf-2.0-0 2.42.2+dfsg-1 ii libglib2.0-0 2.66.7-2 ii libgtk-3-0 3.24.24-3 ii libharfbuzz0b 2.7.4-1 ii libicu67 67.1-6 ii libjpeg62-turbo 1:2.0.6-2 ii libjsoncpp24 1.9.4-4 ii liblcms2-2 2.12~rc1-2 ii libminizip1 1.1-8+b1 ii libnspr4 2:4.29-1 ii libnss3 2:3.61-1 ii libopenjp2-7 2.4.0-3 ii libopus0 1.3.1-0.1 ii libpango-1.0-0 1.46.2-3 ii libpng16-16 1.6.37-3 ii libpulse0 14.2-2 ii libre2-9 20210201+dfsg-1 ii libsnappy1v5 1.1.8-1 ii libstdc++6 10.2.1-6 ii libvpx6 1.9.0-1 ii libwebp6 0.6.1-2+b1 ii libwebpdemux2 0.6.1-2+b1 ii libwebpmux3 0.6.1-2+b1 ii libx11-6 2:1.7.0-2 ii libxcb1 1.14-3 ii libxcomposite1 1:0.4.5-1 ii libxdamage1 1:1.1.5-2 ii libxext6 2:1.3.3-1.1 ii libxfixes3 1:5.0.3-2 ii libxml2 2.9.10+dfsg-6.3+b1 ii libxrandr2 2:1.5.1-1 ii libxshmfence1 1.3-1 ii libxslt1.1 1.1.34-4 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages chromium recommends: ii chromium-sandbox 89.0.4389.82-1 Versions of packages chromium suggests: pn chromium-driver <none> pn chromium-l10n <none> pn chromium-shell <none> Versions of packages chromium-common depends on: ii libc6 2.31-9 ii libstdc++6 10.2.1-6 ii libx11-6 2:1.7.0-2 ii libxext6 2:1.3.3-1.1 ii x11-utils 7.7+5 ii xdg-utils 1.1.3-4 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages chromium-common recommends: ii chromium-sandbox 89.0.4389.82-1 ii fonts-liberation 1:1.07.4-11 ii libgl1-mesa-dri 20.3.4-1 pn libu2f-udev <none> ii notification-daemon 3.20.0-4 ii system-config-printer 1.5.14-1 ii upower 0.99.11-2 ii xfce4-notifyd [notification-daemon] 0.6.2-1 Versions of packages chromium-sandbox depends on: ii libc6 2.31-9 -- no debconf information
