Chrome was updated September 11
Matrix Element Desktop updated September 15, without a changelog or advisory. (The Element update on September 13 did not include the updated electron with the fix; today’s update does, according to their announcement on Matrix.)
Many/most electron apps don’t receive timely security updates, so if you don’t want arbitrary images to be able to get code execution you might want to stop using them.
Electron apps are such a joke, honestly.
On ArchLinux, many Electron apps use a central installation of Electron that is kept up to date by the package manager. That works pretty well.
Of course, snap-based distributions like Ubuntu and other systems without a proper package manager like macOS and Windows can’t do it like that.
That’s pretty cool. I’m wondering how often this leads to compatibility problems.
Still, nothing comes close to a native UI experience.
Still, nothing comes close to a native UI experience.
That’s not really well defined on Linux. It feels like every application comes with its own toolkit and its own behavior. Even on Windows, there is a mixture of three different generations of Windows UI systems (Windows XP-style, Windows 8-style, Fluent) that are completely different.
And Firefox and Thunderbird as well. Updates for everything are available.
More reason I wish devs would stop using Electron and stick to PWAs. Then you only have to update a single browser.
Guess it’s time to finally retire Bromite
Have you tried Cromite? Its forked from Bromite by one of the original developers, except kept up to date and actively maintained, plus improved constantly, etc.
Thanks as a former Bromite user I had no idea this existed.
Can’t use it as I have a 32bit phone and the dev refuses to provide a 32bit binary (and won’t explain why, referring to some nonexistent past discussion)
https://github.com/uazo/bromite-buildtools/issues/59
issue poster: if it’s possible for you, to release 32-bit build
uazo: no, see #41
https://github.com/uazo/bromite-buildtools/issues/41
issue poster: can you please also build arm-v7 version of current Bromite?
uazo: no, sorry. my current build system does not allow this due to an issue in sysbox
Edit: also:
https://github.com/uazo/cromite/issues/146
uazo: sysbox does not support 32-bit applications in 64-bit containers. the build without it works (as I think you did), but my server runs with sysbox.
Ah, that’s unfortunate. Then yeah, I guess your best bet is to stick to a Firefox based browser (that’s my recommendation personally, I use Mull), or if you still need Chromium, I think Brave is the best option atm.
I only use Bromite at this point for some streaming stuff which don’t work so well on FF based browsers, and Mulch always pauses playback when minimised… Bloody annoying. I didn’t want to use Brave, but I guess I might have to try it.
I keep hearing “exploited in the wild”, but does anyone have anything concrete on it — like, IoCs, PoC, victims … anything?