Worrisome security update cycle?
-
The requested security fix is now available in the latest Snapshot
-
@pesala this should answer fully to the OP about how Vivaldi takes these issues seriously
-
@ian-coog The OP is using Vivaldi version 1.15.1147.42 so they will have to wait a little longer for a patch.
Snapshots usually work just fine, but regressions can sometimes spoil your day. Backup your User Data.
-
@x385993 said in Worrisome security update cycle?:
So users are advised to use chrome
Utterly wrong.
-
Thanks for the answers I will use chrome until the next stable Vivaldi release. This vulnerability is simply too dangerous!
And I like stable instead of bleeding edge so nightly builds are not my cop of tea.
Best regards,
Alex -
@x385993 Well, they're not nightly, but approximately weekly, and so stable that tens of thousands of users use them as their default browser. Not as "stable" as Stable, but often measurably better.
-
The latest version of Vivaldi 1.15 includes security updates for Chrome 68.
-
https://vivaldi.com/blog/snapshots/regression-fixes-backend-updates-and-improvements/
There, Vivaldi 2.0 with Chromium 69, it's updated enough now? -
@ian-coog I dunno. Chrome 69 was released a few days ago, so it's already out of date.
-
-
@gwen-dragon Vivaldi Super Star!
-
I'm still concerned about the lack of security consciousness within the Vivaldi community. "Take a snapshot version - but you can run into trouble" is not the kind of answer I find appropriate. I expect a software to be reliable and secure.
Digging deeper, it seems that security is not a focus of the whole team. Skimming through "What we believe" doesn't contain any single sentence on security. I couldn't find any commitment concerning that point.Latest stable Vivaldi version was released on August 7, 2018. Since then, there had been several CERT authorities issuing warnings for Chrome security bugs.
Looking at the announcement Google made on September 4th, there are 7 high risk issues which could be used to attack a system by just visiting a website. Another high risk bug was addressed some days later.
I don't want to dig deeper, how many severe bugs are still not fixed in the stable version.Vivaldi was my favorite browser, despite some really nasty bugs eg slowing down to crawl under heavy load with many tabs open. But a lack of security responsibility is an absolute show stopper. Beyond any nice feature a browser offers me, security is what matters most for any software accessing the internet. Your privacy, your accounts, your money and your data are at risk - regardless of your operation system. The times have changed: we are facing lot's of highly professional cyber criminals with lot's of money and high skills. Ripping off in-secure users is gaining more profit than any dumb mugging or bank raid.
Security has to be the main focus for any developer. -
Whenever we release a stable version of Vivaldi, it includes applicable security patches for the current version of Chromium, even if it is based on an older Chromium version. So, for example, Vivaldi 1.15 is based on Chromium 65, but it has security patches from Chromium 66, Chromium 67 and Chromium 68 as well. As a result, as long as you allow Vivaldi to install updates, you will have important or relevant security patches from the current version of Chromium, no matter which version of Chromium it appears to be based on.
-
Thanks for your response. But, as I wrote above:
Latest stable Vivaldi version was released on August 7, 2018. Since then, there had been several CERT authorities issuing warnings for Chrome security bugs.
So my point is: if anybody is using the stable version (usually recommended for any piece software), there are several serious security bugs which are still not fixed, even several weeks later.
Regarding the huge installation base of Chrome and Chromium-based browsers, trying to exploit such bugs is quite interesting from a cyber criminal point of view. So it's a real thread to any Chrom(ium) user out there.
I think your answer doesn't resolve my concern. -
@kaesspaetzle Sorry for the late reply, we have been working on the the 69 based release rather than back porting more fixes. This is out now. Feel better?