*** This bug is a security vulnerability ***

Public security bug reported:

Users installing Chrome from the official Google download site 
(https://www.google.com/chrome/browser/desktop/index.htm)
get an additional repository added that works as the only mechanism for 
security and version updates for Chrome on Ubuntu. Upgrading Ubuntu to a new 
version silently (or at least with a hard-to-associate message) disables this 
repository without uninstalling Chrome, leaving users with a working but 
permanently frozen version of Chrome.

This leaves users open to all Chrome security problems found after the
upgrade and poses a severe security issue. Disabling a repository
without uninstalling applications relying on it for security updates is
just not a sane default and a lot worse than breaking applications
because the repository doesn't have versions for the new release. In the
case of Chrome, leaving the repository activated would have resulted in
the right behavior.

I've been using Linux for over 10 years and noticed this happening on my
mum's computer only because Gmail pointed out that the Chrome version was
no longer supported.

** Affects: update-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1424577

Title:
  Upgrade breaks Chrome update mechanism leaving users without any
  security updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1424577/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
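
A check for the condition the report describes, as an added example that is not part of the original report or of update-manager: it lists APT source entries that were commented out during a release upgrade. It assumes the upgrader leaves a "disabled on upgrade to <release>" comment on each such line and that third-party sources live in `/etc/apt/sources.list.d`; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: find APT source entries commented out by a release upgrade.
# Assumption: disabled lines look like
#   # deb [options] <uri> <suite> <components> # disabled on upgrade to <release>

# find_disabled_sources [DIR]
#   Prints "file<TAB>uri<TAB>release" for each disabled "deb" entry in DIR/*.list.
#   Returns 0 if at least one disabled entry was found, 1 otherwise.
find_disabled_sources() {
    dir=${1:-/etc/apt/sources.list.d}
    found=1
    for f in "$dir"/*.list; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$f" ] || continue
        hits=$(awk -v file="$f" '
            /^[ \t]*#[ \t]*deb[ \t].*disabled on upgrade to/ {
                uri = ""
                # The URI is the first field with a scheme; this skips
                # the optional "[arch=...]" block before it.
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^[a-z+]+:\/\//) { uri = $i; break }
                # The release name is the last word of the marker comment.
                printf "%s\t%s\t%s\n", file, uri, $NF
            }' "$f")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=0
        fi
    done
    return $found
}

# Usage on a live system: find_disabled_sources /etc/apt/sources.list.d
```

Each reported entry is a repository whose packages may still be installed but no longer receive updates until the line is re-enabled and `apt-get update` is run.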
