Package: chromium
Version: 43.0.2357.65-1
Severity: serious
Tags: security upstream
Justification: Policy 2.1.2
Control: forwarded -1 https://code.google.com/p/chromium/issues/detail?id=491435

Dear Maintainer,

After upgrading chromium to 43, I noticed that when it is running and
immediately after the machine is on-line it silently starts downloading
the "Chrome Hotword Shared Module" extension, which contains a binary
without source code. There seems to be no opt-out config.

$ chromium --temp-profile &
$ find /tmp/tmp.*/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/
/tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/
/tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja
/tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword.data
/tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword-x86-64.nexe
$ file /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword-x86-64.nexe
/tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword-x86-64.nexe: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=24d25d55886dca48921031d6928b0a34f5659830, stripped

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages chromium depends on:
ii  libasound2           1.0.28-1
ii  libatk1.0-0          2.16.0-2
ii  libc6                2.19-18
ii  libcairo2            1.14.2-2
ii  libcups2             1.7.5-11
ii  libdbus-1-3          1.8.18-1
ii  libexpat1            2.1.0-6+b3
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-4
ii  libgdk-pixbuf2.0-0   2.31.4-1
ii  libglib2.0-0         2.44.1-1
ii  libgnome-keyring0    3.12.0-1+b1
ii  libgtk2.0-0          2.24.25-3
ii  libharfbuzz0b        0.9.40-3
ii  libjpeg62-turbo      1:1.4.0-7
ii  libnspr4             2:4.10.8-1
ii  libnss3              2:3.19-1
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpci3              1:3.2.1-3
ii  libspeechd2          0.8-7
ii  libspeex1            1.2~rc1.2-1
ii  libsrtp0             1.4.5~20130609~dfsg-1.1
ii  libstdc++6           5.1.1-7
ii  libx11-6             2:1.6.3-1
ii  libxcomposite1       1:0.4.4-1
ii  libxcursor1          1:1.1.14-1+b1
ii  libxdamage1          1:1.1.4-2+b1
ii  libxext6             2:1.3.3-1
ii  libxfixes3           1:5.0.1-2+b2
ii  libxi6               2:1.7.4-1+b2
ii  libxml2              2.9.1+dfsg1-4
ii  libxrandr2           2:1.4.2-1+b1
ii  libxrender1          1:0.9.8-1+b1
ii  libxslt1.1           1.1.28-2+b2
ii  libxss1              1:1.2.2-1
ii  libxtst6             2:1.2.2-1+b1
ii  x11-utils            7.7+3
ii  xdg-utils            1.1.0~rc1+git20111210-7.4

chromium recommends no packages.

Versions of packages chromium suggests:
ii  chromium-l10n  43.0.2357.65-1

-- no debconf information
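
The find/file check from the report, generalized into a whole-profile audit (an added example, not part of the original bug report and not Chromium or Debian tooling): it walks <profile>/Extensions/<id>/<version>/ and reports every file that begins with the ELF magic. The function names, the all-"a" extension id and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list ELF binaries shipped inside the
# extensions of a Chromium profile. Assumed layout, as in the report's paths:
#   <profile>/Extensions/<extension-id>/<version>/...

# is_elf FILE: succeed if FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# audit_profile DIR: print "<extension-id> TAB <version> TAB <path>" per ELF file.
audit_profile() {
    ext_root="$1/Extensions"
    [ -d "$ext_root" ] || { echo "no Extensions directory under $1" >&2; return 2; }
    find "$ext_root" -type f | sort | while IFS= read -r f; do
        is_elf "$f" || continue
        rel=${f#"$ext_root"/}
        id=${rel%%/*}
        rest=${rel#*/}
        case $rest in
            */*) ver=${rest%%/*}; path=${rest#*/} ;;
            *)   ver='-'; path=$rest ;;   # file sits directly under the id directory
        esac
        printf '%s\t%s\t%s\n' "$id" "$ver" "$path"
    done
}

# make_sample_profile: build a constructed profile tree (fake id, fake files)
# holding one ELF-magic file and one script; prints the directory path.
make_sample_profile() {
    d=$(mktemp -d)
    e="$d/Extensions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.0_0"
    mkdir -p "$e/_platform_specific/x86-64"
    printf '\177ELF\002\001\001' > "$e/_platform_specific/x86-64/module.nexe"
    printf 'console.log("hi");\n' > "$e/background.js"
    echo "$d"
}

# Audit the profile given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then
    audit_profile "$1"
else
    sample=$(make_sample_profile)
    audit_profile "$sample"
    rm -rf "$sample"
fi
```

Run against a real profile directory (the one containing Extensions/), each output line names the extension id, its version directory and the relative path of a native binary, which can then be compared with what the packaged source is expected to install.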