Bug#856169: Chromium installs a setuid binary without obvious need nor warning

2017-02-25 Thread Michael Gilbert
control: severity -1 wishlist
control: retitle -1 chromium: switch to namespace sandbox

The sandbox is a necessary security feature.  A bug years ago doesn't
necessarily mean that it is faulty today.  There are lots of new
security bugs in chrome every few weeks, and rarely do they have to do
with the sandbox.

That said, there is a more modern sandboxing approach that uses
namespaces [0], but it is too late to change to it for stretch.

Best wishes,
Mike

[0] https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandboxing.md



Bug#856169: Chromium installs a setuid binary without obvious need nor warning

2017-02-25 Thread Alain Knaff
Package: chromium
Version: 56.0.2924.76-1~deb8u1

Chromium's .deb installs a suid root binary
(/usr/lib/chromium/chrome-sandbox), potentially exposing the user's
system to hostile javascripts downloaded from the untrusted web.

This has already been exploited in the past:

https://bugs.chromium.org/p/chromium/issues/detail?id=76542

Debian packages should not expose users' systems to these kinds of risks
without informed consent.

Alain
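
An administrator-side check for the condition this report describes, as an added example that is not part of the thread or of the Debian package: it classifies a helper by its setuid bit and owner and lists setuid files under a directory. The function names `classify_helper` and `list_setuid` and the `--report` switch are hypothetical; the path is the one given in the report, and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit setuid helpers such as
# the chrome-sandbox binary named in this bug report.
# Assumes GNU find and GNU stat, as shipped on Debian.

# classify_helper PATH
# Prints one of: missing, not-setuid, setuid-root, setuid-nonroot
classify_helper() {
    path=$1
    if [ ! -e "$path" ]; then
        echo missing
    elif [ ! -u "$path" ]; then
        # -u is the POSIX test for the set-user-ID bit
        echo not-setuid
    elif [ "$(stat -c %u "$path")" -eq 0 ]; then
        # setuid and owned by uid 0: runs with root privileges
        echo setuid-root
    else
        echo setuid-nonroot
    fi
}

# list_setuid DIR
# Prints one line per setuid regular file: "<octal mode> <owner> <path>"
# -xdev keeps the walk on one filesystem.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 \
        -exec stat -c '%a %U %n' {} + 2>/dev/null
}

# Stand-alone use: sh script.sh --report
if [ "${1:-}" = "--report" ]; then
    target=/usr/lib/chromium/chrome-sandbox   # path from the bug report
    echo "$target: $(classify_helper "$target")"
    list_setuid /usr/lib
fi
```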