[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#49029: ungoogled-chromium failed to disable malware extension The Gr
|
From: |
Leo Famulari |
|
Subject: |
bug#49029: ungoogled-chromium failed to disable malware extension The Great Suspender |
|
Date: |
Wed, 16 Jun 2021 12:31:20 -0400 |
On Tue, Jun 15, 2021 at 01:59:44PM -0300, Jorge P. de Morais Neto wrote:
> I can accept a reasonable trade-off, but I still believe this should be
> actively communicated to users. It is not obvious. If had known that
> before, I would certainly have been more careful with extensions.
> Indeed, now that I know, I have not only deleted my old
> (ungoogled-)Chromium profile, but also, on the new profile, I installed
> only HTTPS Everywhere and Privacy Badger extensions. I have also
> changed an important password that I remember having used on the
> malware-infected Chromium.
That trade-off applies for everything we package: in general, Guix
packages will be less up to date than what upstream offers, and thus
probabilistically more buggy and, based on your threat model, they may
be "less secure". It's the same for any distro.
But, the situation is exacerbated for Chromium, which is developed very
rapidly and has the most complete and advanced security posture of
probably any program in use right now. I guess that's what hundreds of
billions of dollars in annual revenue can buy.
Chromium, and web browsers in general, also have the most dire security
exposure, because most computer users do *everything* in their browser,
and because they are used to interact with untrusted data (the
internet). Chrome / Chromium is the "juiciest" target for attackers.