On Fri, Jan 17, 2025 at 8:30 PM Max Nikulin <maniku...@gmail.com> wrote: > > On 18/01/2025 07:34, George at Clug wrote: > > Would I be correct in assuming this is because the version of Chromium > > (as in its features) are being updated within Debian 12 > > Major browsers are an exception. Security fixes are frequent and > massive. The upstream teams do not maintain stable versions with support > period comparable to Debian stable. It would be too much burden for > Debian maintainers to track and backport security fixes. > > That is why latest Chromium release is available in bookworm. Firefox > and Thunderbird packages follow ESR version, so 102 to 115 to 128 > updates with point releases approximately every month.
Related, if you want to harden your browser, then disable JIT'd code. JIT is responsible for about half the browser bugs. Also see <https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/> > In Ubuntu it was one of the reasons why they seized building .deb > packages for browsers and switched to snap. Latest releases may rely on > features unavailable in development tools from LTS distributions. A > complete container independent of the system alleviates some issues. > > I like that Debian developers and maintainers are still able to build > .deb packages for browsers. Jeff
