IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [chromium]

20 questions
29
votes
1 answer

Conflicting security messages about "chrome://settings" page; is it secure or not?

Accessing the chrome://settings page, I see two things contradicting each other: The ribbon below the address bar shows "You're viewing a secure Chromium Page." On the other hand, the security overview under the security tab in Chromium developer…
C0deDaedalus
  • 728
  • 1
  • 8
  • 17
11
votes
3 answers

How to securely run Puppeteer / Chromium in a Docker container?

Attempting to run Puppeteer, a Node library to control a headless Chromium (in order to do things like create a PDF of a website), in Docker is a surprisingly fiddly thing. The problem is that, from my understanding, to run as root, you need the…
Torque
  • 211
  • 2
  • 4
11
votes
1 answer

Why is one of three browsers (Chromium) reporting an invalid HTTPS certificate?

A few days ago, Chromium started to report Flickr's certificate as problematic: The server presented a certificate that was not publicly disclosed using the Certificate Transparency policy. This is a requirement for some certificates, to ensure…
Arseni Mourzenko
  • 4,644
  • 6
  • 20
  • 30
9
votes
2 answers

Does the "auto formfill" feature in Chromium-based browsers actually send this to the webpage?

I use Vivaldi. I have previously filled in forms where I used a certain name and e-mail. Today I cleared the browser data except for the autofill stuff. Then I went to Stack Exchange to register an account. It's pre-populated with an e-mail address…
Javiair
  • 107
  • 2
7
votes
1 answer

Privacy with Chromium?

How private is Chromium for Windows, Linux and Android? Will a standard Chromium installation contain code that will phone home to Google or otherwise send out identifying information? Are there other possible privacy implications with Chromium /…
mikkalm
  • 81
  • 1
  • 2
6
votes
2 answers

Chromium Malware (possible) on my Linux Machine

Running Chromium 60.0.3112.11 on Linux Ubuntu 16.04 Chromium attempts to access my Linux machine's media upon autocompleting bankofamerica.com, wellsfargo.com, americanexpress.com, or discover.com. Chromium also attempts to access my Linux…
anon
  • 69
  • 3
5
votes
0 answers

How does Chrome distrust Symantec Certificates?

Sometime back Google Chrome had announced plans to distrust Symantec certificates. I am trying to figure out how this is done for a POC. When I visit chase.com on Google Chrome, I get the following message in the dev console: The SSL certificate…
Krishnaraj
  • 163
  • 4
3
votes
0 answers

How/When does Chrome queries Certificate Transparency (CT) log servers to ask for inclusion proof of certificates and how can I debug them?

I’ve been trying to understand how does Chrome interact with CT log servers. According to what I’ve read so far, Chrome sends inclusion proof requests (“GET https:///ct/v2/get-proof-by-hash” -…
flopoe
  • 31
  • 2
3
votes
0 answers

HTML link with "noopener" and/or "noreferrer" in Chrome/Chromium results in unexpected behaviour

There are several attacks possible when embedding links with target="_blank". This is where rel="noopener" and rel="noreferrer" should help. I am expecting that clicking the following link
Anderson
  • 131
  • 2
2
votes
2 answers

Where to put SAN

Where SAN means: Subject Alternative Name. I feel I have a basic misunderstanding in which certificate the SAN stuff shall go: ca or server or both or what? It might be 3 Years or more in the past, where chrome / chromium browsers required the…
woodz
  • 131
  • 1
  • 6
2
votes
1 answer

Are the details about the Widevine bug now public?

There was a bug in Widevine last year which enabled downloading Encrypted Media Extension Content. They stated that they would give full details after 90 days. Was this meant for public disclosure or full details only to a set of parties? The…
user2284570
  • 1,402
  • 1
  • 14
  • 33
1
vote
0 answers

How am I supposed to trust binaries "submitted by anyone"?

I finally found a Chromium fork which appears to have made a serious effort to remove all the Google cancer. Sadly, I see this: https://ungoogled-software.github.io/ungoogled-chromium-binaries/ IMPORTANT: These binaries are provided by anyone who…
Ziad
  • 11
  • 1
1
vote
1 answer

restoring logged out gmail session in running instance of chromium browser?

My situation is: +I have created a special purpose gmail account +I used a complicated password to protect the account. On purpose, I did not use any 2FA options are a "reset" email address or phone number +I unintentionally logged out before…
kinda.autistic
  • 13
  • 2
1
vote
0 answers

What is the essence of Google Chrome’s new controversial sign-in feature?

What is the essence of Google Chrome’s new controversial sign-in feature? How does it work and how does it differ from what was it before? What is the danger of it? Is Chromium affected?
R S
  • 225
  • 2
  • 7
1
vote
1 answer

chrome is launched and tries to open a wierd website

I have this wierd problem that once in a while (I guess mostly when I plug my laptop to adapter) chromium is lauched by itself and loads this wbesite: http://gestyy.com/wPEFwy I can guess that there might be a trojan or a cpu/gpu miner or another…
sepisoad
  • 213
  • 2
  • 7
1
2