Fixes and Chromium update – Vivaldi Android Browser snapshot 1804.3
-
Several fixes and a Chromium update in today’s snapshot.
Click here to see the full blog post
-
Third
-
This version has a major security issue, I recommend everyone to use the beta version for now.
More info for employees: VB-62721
Edit: next snapshot is out and it fixes the issue.
-
@madiso said in Fixes and Chromium update – Vivaldi Android Browser snapshot 1804.3:
This version has a major security issue, I recommend everyone to use the beta version for now.
More info for employees: VB-62721
This is still beta, isn't it?
-
@mossman Oh no, my mistake. I forgot the opened a second "snapshot" line which I switched to.
-
@madiso said in Fixes and Chromium update – Vivaldi Android Browser snapshot 1804.3:
This version has a major security issue, I recommend everyone to use the beta version for now.
More info for employees: VB-62721
May I ask even via PM what this mean?
I only use the snapshot on my mobile: is not my main browser yet, but as I use it quite often and with sync.... -
@Gwen-Dragon Ok then.
So it is a CVE chromium restricted bug.
A not "simply" a Vivaldi major issue.
Guess I'll wait the next snaps. Thanks. -
Could I ask that if a security flaw is reported and confirmed internally, and it is deemed to have a severity above a certain threshold, that Vivaldi update the blog/forum post(s) with a notice at the top to warn users?
I don't always read the comments, in fact the reason I read them this time was because the thread popped to the top of my unread threads in the forum. I just got lucky, and then went into the Play Store app to disable auto-update for Vivaldi Snapshot before it was picked up by my phone.
Unless Vivaldi is going to pull the build from the store and somehow force those that upgraded to revert to a build without the issue (possible to do by publishing the previous version but with a newer version number), typically my phone would have upgraded on its own and I would have been using this version unaware of any potential problem.
I of course realized that I shouldn't have pre-release software like this set to auto-update, and have turned it off, that was a configuration error on my part. Some people, however, might just read the blog or OP in the forum thread and miss the alert and still upgrade manually.
Every project is going to have major security flaws in their software if it survives long enough, their presence is to be expected. What matters, in my view, is how they are handled. The fast response to a potential issue here was great. In this case, I don't know if the issue has been confirmed, nor do I know its severity if it is confirmed.
Going forward, however, if a security or privacy issue of high severity is confirmed internally, it would definitely be appreciated if such a notice could be prepended to the original announcement to help reduce the potential exposure to users. Perhaps an additional new post to catch the attention of people who had already read the original but aren't following it would be warranted as well.
Just some ideas on how to increase the communication about these issues to the userbase. Any reasonable user should understand that major software projects are going to have them, and would appreciate the efforts to protect us.
Thanks,
BoneTone -
@bonetone: It wasn't a security issue after all, if it was we'd probably have pulled the build or instant update, we did however fix the bug and it is available in the new snapshot.