Debian's Chromium uses official builds; Dev/Chromium has outdated sources

From “Chromium Debian Package Security” in Dev/Chromium on the Kicksecure Wiki:

The Debian Chromium package is not a production build so basic security features like sandboxing, ASLR and CFI are crippled or nonexistent.

This isn’t true as of January 2022, as chromium-team/chromium@20fe994a1bc3c244ddfc42b5dc5d3c386cbfb372 enabled it and it has been enabled since. I believe that neither madaidan nor anyone else has bothered updating it. Either way, I want to make it known, even if it doesn’t really improve the situation.

Cheers!

2 Likes

To correct myself, this is actually partially true still. CFI remains disabled likely due to build failures and other architectures not supporting it, which will probably change once kCFI makes it into GCC. I’ll remain hopeful but it can be said that CFI is not enabled.

1 Like

Archived, noindexed that wiki page. And added a bigger notice on top.

DISCLAIMER: This is only a collection of mostly user contributed notes. Unreviewed.

Info: This page is archived.

Info: This page is noindexed. See Wikipedia noindex.

This wiki page was last updated in 2022 or earlier. It was relevant in the context of Kicksecure Default Browser - Development Considerations. Nowadays, since Browser Choice - Browser Selection Installer Dialog exists, this is no longer a development focus.

Forum discussion: Debian's Chromium uses official builds; Dev/Chromium has outdated sources

3 Likes

Works for me. I would have asked that it be corrected and THEN archived, but this works well enough. Thanks!

1 Like