When Chromium is used as a flatpak, its metadata file ('/var/lib/flatpak/app/ post was originally published on it has since been updated and revised. The attacker could, with his exploit, gain write access on '/' and add / change / alter system files. (*): As an example, suppose an attacker exploits a vulnerability in Chromium giving him privilege escalation: he writes an attractive web page, with malicious code inside; when a user opens the page in their browser, the exploit is executed. An attacker would need to find and exploit two vulnerabilities (one in the browser, one in the sandbox) at the same time to make his attack. To be protected against vulnerabilities, the best way is to use browsers in a sandbox (flatpak (*), snap, firejail). However, Firefox and Ungoogled-Chromium better respect users' privacy than Chrome. No browser is inherently secure: in Firefox, Chrome or Chromium, vulnerabilities are often patched; just read the release notes to be convinced (in the latest Chrome / Chromium for desktop stable release, 4 vulnerabilities have been fixed, each classified as high). The fact that bugs can persist for 20 years simply shows that they are not tracked adequately: most often, developers prefer to add new features than to track bugs. FOSS is not inherently more secure; it just protects users better against backdoors, tracking code, voluntarily left in the code; but FOSS is not inherently better against bugs or vulnerabilities. Before this action, the list of Most Annoying Bugs for a final version still contained several tens of bugs. Years ago, LibreOffice people stopped the development and decided to track bugs with automated tools. More generally, remaining bugs depend on the effort made to track them. I am aware of a lot of bugs (and principle defects) in a lot of encryption programs. Bugs are difficult to track, particularly if they come from a defective analysis / needs specification based on complex defective maths.
Though I sometimes use Windows, MacOS, iOS. I prefer Linux to Windows or MacOS; I prefer Firefox, Chromium or Ungoogled-chromium to Google Chrome, Opera, Vivaldi, Microsoft Edge, Apple Safari. PS: Nothing against Vivaldi, it is just a general principle: when OpenSource software exists, I prefer to use it rather than its undisclosed source equivalent. And, among these bugs, some are vulnerabilities. OpenSource and undisclosed source software have and will always have bugs (it is a proverb: there is always one more bug). This is not related to bugs and vulnerabilities. It is the principle of OpenSource: you may be more confident about the content; with undisclosed source software you don't know at all what is inside the software you use: there could be anything, including backdoors (Richard Stallman has identified some eleven ones in Windows, and this even without having the code). It gives them more confidence, since people who compile know they used the original code, not an altered one. Some even compile the code! (your favorite distro for Firefox and Chromium, for example, or the authors of ungoogled-chromium). Even if you don't review the source code yourself, some people do it (or use software tools to do it) and they verify that the code does not contain any malicious part, any backdoor.