On mer., 2015-05-27 at 01:23 +0900, YOSHINO Yoshihito wrote: > Package: chromium > Version: 43.0.2357.65-1 > Severity: serious > Tags: security upstream > Justification: Policy 2.1.2 > Control: forwarded -1 > https://code.google.com/p/chromium/issues/detail?id=491435 > > Dear Maintainer, > > After upgrading chromium to 43, I noticed that when it is running and > immediately after the machine is on-line it silently starts downloading > "Chrome Hotword Shared Module" extension, which contains a binary without > source code. There seems no opt-out config. > > $ chromium --temp-profile & > $ find > /tmp/tmp.*/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/ > /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/ > /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja > /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword.data > /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword-x86-64.nexe > $ file > /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword-x86-64.nexe > /tmp/tmp.YClr3VfmnS/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg/0.3.0.5_0/_platform_specific/x86-64_ja/hotword-x86-64.nexe: > ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, > BuildID[sha1]=24d25d55886dca48921031d6928b0a34f5659830, stripped
Even worse, that extension: - doesn't appear in the extension list; - is apparently used to provide an “ok google” voice activation stuff. That's definitely not the stuff we'd like installed by default, without the user knowing (even if it's supposedly not installed). Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
