Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads

Discussion in 'all things UNIX' started by summerheat, Nov 17, 2016.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,865
    https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html

    Not good :(

    EDIT: I'm not using Ubuntu (but Fedora ;) ) but I've just read that it already got an update for gstreamer1.0-plugins-bad which fixes this vulnerability. I guess Fedora will get it soon - and I'm using Firefox anyhow ... :)
     
    Last edited: Nov 18, 2016
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Yaaaay, more insecurity from software bloat. Does anyone even use Tracker to index media files? Heck, does anyone use GStreamer instead of VLC or MPlayer?
     
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,865
    Not only Linux is affected: That auto-download "feature" of Google Chrome (and Microsoft Edge) is also a risk on Windows.
     
  4. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,098
    Location:
    Brasil
    This is great news, but I'd like to see Google and Fedora fix their **** too.

    I've always seen gstreamer-plugins-bad as an actually bad collection which has poor code review and poor security implementations, that's why I don't use it. I only use the "base" and "good" packages. But kudos to them for fixing it so quickly :thumb:
     
  5. Anonfame1

    Anonfame1 Registered Member

    Joined:
    May 25, 2016
    Posts:
    224
    Unfortunately my music player of choice does. It can use other avenues, but not support all the different filetypes I use. That said, I dont have that player go online either, and I certainly dont have gstreamer support in my browser.

    People have really been sounding the doom bells lately in regards to Linux security- and yet Windows gets security holes that are massive in comparison. Im not sure I really understand why?

    Shills? People that want to justify their unwillingness to leave the Windows sphere? I mean its fine to point this stuff out (good even), but with all the clickbait fear-mongering article titles (go check out reddit- wow) youd think someone found a massive security hole that allows people to pwn all Linux versions with root access. That is most certainly not what the case is...

    Different here of course- we tend to avoid hyperbole in this community which is certainly the most constructive and rational approach...
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,757
    Location:
    Slovenia
    http://arstechnica.com/security/201...scores-serious-concerns-about-linux-security/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.