Hi there,
Looks like the following folder has wrong permissions:
drwx------ 1 root root 24 Jan 29 11:35 /usr/share/doc/google-chrome-stable
Anyway, thanks for the package ;)
Search Criteria
Package Details: google-chrome 130.0.6723.116-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/google-chrome.git (read-only, click to copy) |
---|---|
Package Base: | google-chrome |
Description: | The popular web browser by Google (Stable Channel) |
Upstream URL: | https://www.google.com/chrome |
Keywords: | chromium |
Licenses: | custom:chrome |
Submitter: | None |
Maintainer: | gromit |
Last Packager: | gromit |
Votes: | 2243 |
Popularity: | 7.00 |
First Submitted: | 2010-05-25 20:25 (UTC) |
Last Updated: | 2024-11-05 19:02 (UTC) |
Dependencies (12)
- alsa-lib
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-classicAUR, gtk3-classic-xfceAUR, gtk3-patched-filechooser-icon-viewAUR)
- libcups (libcups-gitAUR, cups-gitAUR, libcups-gssapiAUR)
- libxss
- libxtst
- nss (nss-hgAUR)
- ttf-liberation (ttf-defenestrationAUR)
- xdg-utils (busking-gitAUR, xdg-utils-slockAUR, mimiAUR, mimi-gitAUR, xdg-utils-handlrAUR, openerAUR, xdg-utils-mimeoAUR, mimejs-gitAUR)
- gnome-keyring (gnome-keyring-gitAUR) (optional) – for storing passwords in GNOME keyring
- kdialog (kdialog-gitAUR) (optional) – for file dialogs in KDE
- kwallet (kwallet-gitAUR) (optional) – for storing passwords in KWallet
- pipewire (pipewire-gitAUR, pipewire-full-gitAUR) (optional) – WebRTC desktop sharing under Wayland
Required by (40)
- bitwarden-chromium (optional)
- captive-browser-git (optional)
- chrome-extension-bitwarden-git (optional)
- chrome-extension-ocrs-git
- chromedriver (optional)
- chromium-extension-adnauseam (optional)
- chromium-extension-autoscroll (optional)
- chromium-extension-plasma-integration (optional)
- chromium-extension-runet-censorship-bypass (optional)
- chromium-material-icons-for-github-bin (optional)
- chromium-vencord (optional)
- chromium-vencord-bin (optional)
- chromium-vencord-git (optional)
- dedao-dl-bin (optional)
- endpoint-verification-chrome
- endpoint-verification-minimal
- ff2mpv-go-git (optional)
- ff2mpv-rust (optional)
- hub-kids (optional)
- hub-young (optional)
- ice-ssb (optional)
- ice-ssb-git (optional)
- kget-integrator-chrome (optional)
- lastpass (optional)
- marp-cli (optional)
- nfauthenticationkey (optional)
- pearson-reader-plus-full-lang (optional)
- pennywise-bin (optional)
- pt-plugin-plus-bin (optional)
- pt-plugin-plus-git (optional)
- python-nativemessaging-ng (optional)
- python-webdriver-manager (check)
- quick-n-easy-web-builder-10 (optional)
- sshcode-bin (optional)
- uget-integrator-chrome (optional)
- upload-gphotos (optional)
- web-media-controller-mpris (optional)
- web-media-controller-mpris-git (optional)
- webchanges (optional)
- webui-aria2-git (optional)
Sources (3)
Latest Comments
« First ‹ Previous 1 .. 87 88 89 90 91 92 93 94 95 96 97 .. 157 Next › Last »
Moviuro commented on 2015-02-12 07:07 (UTC)
Det commented on 2015-02-11 13:30 (UTC)
@mgb, that's for Chrome OS: http://googlechromereleases.blogspot.com
Det commented on 2015-02-07 17:10 (UTC)
This is true.
weirddan455 commented on 2015-02-07 17:01 (UTC)
We're getting the checksum from you though, not from Google, and you have nothing from Google to verify the file against. If someone were to replace the file on Google's server with a malicous one (which, yes, is unlikely but not impossible. Google could be hit with a 0 day vaunerability just like anyone else) then you would update the checksum on the PKGBUILD thinking the file was legitamite. That only needs one point of entry.
If Google were using PGP signautures then that would require two points of entry. The attacker would have to both replace the file AND steal Google's private key to sign the file.
Det commented on 2015-02-07 16:36 (UTC)
@weirddan455, that's assuming, of course, that you'd be able to break into two distinct places.
The only practical way to do Google is to be walking into the server room, hogging a few, and coming up with a great excuse.
@ilpianista, are you using Manjaro, or did you touch the line below "Symlinking missing Udev lib..."?
ilpianista commented on 2015-02-07 16:26 (UTC)
/opt/google/chrome/chrome: error while loading shared libraries: libudev.so.0: cannot open shared object file: No such file or directory
weirddan455 commented on 2015-02-07 14:28 (UTC)
Any checksum, no matter the algorithm, won't protect you from someone malicously altering the file. Reason being is that if someone manages to replace the file you're downloading it probably wouldn't be too hard for them to simply replace the checksum as well to match the malicous file.
The only thing the checksum is good for the way we use it here is to protect against accidental data corruption during the download. MD5 will work just fine for that. Hell even CRC would probably do the job.
If you want real data integrety protection, we really PGP signatures. Sadly I don't think Google signs their Chrome DEBs though.
Det commented on 2015-02-07 05:38 (UTC)
We can learn something new every day, but now that the aftermath of my controversial and time-consuming edit[1] for our awesome Wiki admin, Kynikos, has been settled[2], I've now explained the differences between collision and preimage vulnerabilities in MD5, SHA-1 and SHA-2 in the PKGBUILD article: https://wiki.archlinux.org/index.php/PKGBUILD#Integrity_variables
This took quite a bit of researching, but it basically means that having MD5 checksums for file integrity are actually fine for now. You don't want to use it for SSL certificates, but carrying out a successful preimage attack requires, even in theory, approximately 2^123.4 ≈ 1.4 × 10^37 operations, which is completely impractical.
[1] = https://wiki.archlinux.org/index.php?title=PKGBUILD&diff=359592&oldid=359584
[2] = https://wiki.archlinux.org/index.php/Talk:PKGBUILD#pkgdir
tormund commented on 2015-02-06 18:10 (UTC)
Latest release won't let you press enter to search terms in the omnibox, but it will let you go to suggested websites.
Pinned Comments
gromit commented on 2023-04-15 08:22 (UTC) (edited on 2023-05-08 21:42 (UTC) by gromit)
When reporting this package as outdated make sure there is indeed a new version for Linux Desktop. You can have a look at the "Stable updates" tag in Release blog for this.
You can also run this command to obtain the version string for the latest chrome version:
Do not report updates for ChromeOS, Android or other platforms stable versions as updates here.