We can learn something new every day, but now that the aftermath of my controversial and time-consuming edit[1] for our awesome Wiki admin, Kynikos, has been settled[2], I've now explained the differences between collision and preimage vulnerabilities in MD5, SHA-1 and SHA-2 in the PKGBUILD article: https://wiki.archlinux.org/index.php/PKGBUILD#Integrity_variables
This took quite a bit of researching, but it basically means that having MD5 checksums for file integrity are actually fine for now. You don't want to use it for SSL certificates, but carrying out a successful preimage attack requires, even in theory, approximately 2^123.4 ≈ 1.4 × 10^37 operations, which is completely impractical.
[1] = https://wiki.archlinux.org/index.php?title=PKGBUILD&diff=359592&oldid=359584
[2] = https://wiki.archlinux.org/index.php/Talk:PKGBUILD#pkgdir
Search Criteria
Package Details: google-chrome 131.0.6778.85-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/google-chrome.git (read-only, click to copy) |
---|---|
Package Base: | google-chrome |
Description: | The popular web browser by Google (Stable Channel) |
Upstream URL: | https://www.google.com/chrome |
Keywords: | chromium |
Licenses: | custom:chrome |
Submitter: | None |
Maintainer: | gromit |
Last Packager: | gromit |
Votes: | 2248 |
Popularity: | 10.09 |
First Submitted: | 2010-05-25 20:25 (UTC) |
Last Updated: | 2024-11-19 19:19 (UTC) |
Dependencies (12)
- alsa-lib
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-classicAUR, gtk3-classic-xfceAUR, gtk3-patched-filechooser-icon-viewAUR)
- libcups (libcups-gitAUR, cups-gitAUR, libcups-gssapiAUR)
- libxss
- libxtst
- nss (nss-hgAUR)
- ttf-liberation (ttf-defenestrationAUR)
- xdg-utils (busking-gitAUR, xdg-utils-slockAUR, mimiAUR, mimi-gitAUR, xdg-utils-handlrAUR, openerAUR, xdg-utils-mimeoAUR, mimejs-gitAUR)
- gnome-keyring (gnome-keyring-gitAUR) (optional) – for storing passwords in GNOME keyring
- kdialog (kdialog-gitAUR) (optional) – for file dialogs in KDE
- kwallet (kwallet-gitAUR) (optional) – for storing passwords in KWallet
- pipewire (pipewire-gitAUR, pipewire-full-gitAUR) (optional) – WebRTC desktop sharing under Wayland
Required by (40)
- bitwarden-chromium (optional)
- captive-browser-git (optional)
- chrome-extension-bitwarden-git (optional)
- chrome-extension-ocrs-git
- chromedriver (optional)
- chromium-extension-adnauseam (optional)
- chromium-extension-autoscroll (optional)
- chromium-extension-plasma-integration (optional)
- chromium-extension-runet-censorship-bypass (optional)
- chromium-material-icons-for-github-bin (optional)
- chromium-vencord (optional)
- chromium-vencord-bin (optional)
- chromium-vencord-git (optional)
- dedao-dl-bin (optional)
- endpoint-verification-chrome
- endpoint-verification-minimal
- ff2mpv-go-git (optional)
- ff2mpv-rust (optional)
- hub-kids (optional)
- hub-young (optional)
- ice-ssb (optional)
- ice-ssb-git (optional)
- kget-integrator-chrome (optional)
- lastpass (optional)
- marp-cli (optional)
- nfauthenticationkey (optional)
- pearson-reader-plus-full-lang (optional)
- pennywise-bin (optional)
- pt-plugin-plus-bin (optional)
- pt-plugin-plus-git (optional)
- python-nativemessaging-ng (optional)
- python-webdriver-manager (check)
- quick-n-easy-web-builder-10 (optional)
- sshcode-bin (optional)
- uget-integrator-chrome (optional)
- upload-gphotos (optional)
- web-media-controller-mpris (optional)
- web-media-controller-mpris-git (optional)
- webchanges (optional)
- webui-aria2-git (optional)
Sources (3)
Latest Comments
« First ‹ Previous 1 .. 88 89 90 91 92 93 94 95 96 97 98 .. 157 Next › Last »
Det commented on 2015-02-07 05:38 (UTC)
tormund commented on 2015-02-06 18:10 (UTC)
Latest release won't let you press enter to search terms in the omnibox, but it will let you go to suggested websites.
Det commented on 2015-02-05 17:25 (UTC)
You need to press "Flag package out-of-date" from the right :).
Xiaoming94 commented on 2015-02-05 17:23 (UTC)
plz update this package
Det commented on 2015-02-05 10:11 (UTC)
With this specific package it doesn't really make much of a difference (I'd like to see anybody breaking Google's servers), but I could actually convert all of my packages to SHA-256. There's barely any performance impact:
$ time md5sum google-chrome-stable_current_amd64.deb | tail -1
md5sum google-chrome-stable_current_amd64.deb 0.11s user 0.01s system 105% cpu 0.118 total
$ time sha256sum google-chrome-stable_current_amd64.deb | tail -1
sha256sum google-chrome-stable_current_amd64.deb 0.27s user 0.03s system 96% cpu 0.308 total
The poor algorithm has indeed been tortured ever since 2004 (https://en.wikipedia.org/wiki/MD5), and there's no real reason to still be using it. Everybody's just too lazy to do anything about it. Even the Wiki still mentions md5sums: https://wiki.archlinux.org/index.php/PKGBUILD
vikstrous commented on 2015-02-05 06:16 (UTC)
Please use something better than md5, like sha256.
Det commented on 2015-02-04 13:50 (UTC)
This wasn't really all that hard to find: https://code.google.com/p/chromium/issues/detail?id=430910
It's got to do with libgtk indeed.
gauravpadia commented on 2015-02-04 13:44 (UTC)
I am also experience the same issue as specified by @radikal. Chrome randomly crashes when saving image or any page. I am using awesome window manager. Here is the dmesg log:
[ 8034.745932] chrome[1112]: segfault at 30 ip 00007ffd770f0186 sp 00007fff0360d170 error 4 in libgtk-x11-2.0.so.0.2400.25[7ffd76e31000+436000]
[12221.628406] chrome[5593]: segfault at 30 ip 00007f73be130186 sp 00007fff75c3e9a0 error 4 in libgtk-x11-2.0.so.0.2400.25[7f73bde71000+436000]
Det commented on 2015-02-04 00:49 (UTC)
You can use:
$ curl -s https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/other.xml.gz | gzip -df | awk -F\" '/pkgid/{ sub(".*-","",$4); print $4": "$10 }'
beta: 41.0.2272.35
stable: 40.0.2214.95
unstable: 42.0.2292.0
skogler commented on 2015-02-04 00:16 (UTC)
checksum seems to be incorrect, for me (64 bit) the correct md5sum is
361aea21e6e3acaa805af17edb4ffe49
Pinned Comments
gromit commented on 2023-04-15 08:22 (UTC) (edited on 2023-05-08 21:42 (UTC) by gromit)
When reporting this package as outdated make sure there is indeed a new version for Linux Desktop. You can have a look at the "Stable updates" tag in Release blog for this.
You can also run this command to obtain the version string for the latest chrome version:
Do not report updates for ChromeOS, Android or other platforms stable versions as updates here.