PSA: a recently-fixed image parsing vulnerability in Chrome (and things that use Chrome, such as Electron apps) is being actively exploited in the wild. install your updates!

ThatHermanoGuy , 9 months ago

More reason I wish devs would stop using Electron and stick to PWAs. Then you only have to update a single browser.

madsen , 9 months ago

I keep hearing “exploited in the wild”, but does anyone have anything concrete on it — like, IoCs, PoC, victims … anything?

narc0tic_bird , 9 months ago

Electron apps are such a joke, honestly.

cbarrick , 9 months ago

VS Code is an awesome electron app

turkalino , 9 months ago

Discord is pretty bangin too

It’s almost like shit electron apps are shit because the developers are such a joke (honestly), not electron.

PlexSheep , 9 months ago

Using a whole browser as the base for your application just seems unnecessary. Then again, I do most things from my terminal.

FaeDrifter , 9 months ago

The web is basically becoming a whole operating system and I hate it.

neutron , 9 months ago

At this pace I predict the fabled “year of the Linux desktop” will arrive when local- processing desktops have been overrun by closed-off mobile devices and cloud services.

saiarcot895 , 9 months ago (edited 9 months ago)

Discord has also been using ancient electron versions for a long while now (I don’t know if they’ve since updated to versions that haven’t been EoL’ed).

On Linux, I literally have a better experience using discord in my browser than the electron version.

Edit: looks like discord updated to Electron 22 in March 2023, with the update to Electron 23 happening maybe at the end of the year or early next year, according to this reddit post. So they’re getting better, but still a bit behind.

rbits , 9 months ago

Not for me, Discord is slow af on my laptop. But do definitely agree it’s Discord’s fault in this case

sturmblast , 9 months ago

Discord is a privacy invading pile of shit

raldone01 , 9 months ago

I love vs code but electron causes issues: github.com/microsoft/vscode/issues/10121

anlumo , 9 months ago

On ArchLinux, many Electron apps use a central installation of Electron that is kept up to date by the package manager. That works pretty well.

Of course, snap-based distributions like Ubuntu and other systems without a proper package manager like macOS and Windows can’t do it like that.

narc0tic_bird , 9 months ago

That’s pretty cool. I’m wondering how often this leads to compatibility problems.

Still, nothing comes close to a native UI experience.

anlumo , 9 months ago

Still, nothing comes close to a native UI experience.

That’s not really well defined on Linux. It feels like every application comes with its own toolkit and its own behavior. Even on Windows, there is a mixture of three different generations of Windows UI systems (Windows XP-style, Windows 8-style, Fluent) that are completely different.

hal_5700X , 9 months ago (edited 9 months ago)

Firefox version 117.0.1 haves the fix.

EDIT Also Tor got patched with 12.5.4.

TigrisMorte , 9 months ago

And Firefox and Thunderbird as well. Updates for everything are available.

WhoRoger , 9 months ago

Guess it’s time to finally retire Bromite

Skimmer , 9 months ago

Have you tried Cromite? Its forked from Bromite by one of the original developers, except kept up to date and actively maintained, plus improved constantly, etc.

WhoRoger , 9 months ago

Can’t use it as I have a 32bit phone and the dev refuses to provide a 32bit binary (and won’t explain why, referring to some nonexistent past discussion)

Skimmer , 9 months ago

Ah, that’s unfortunate. Then yeah, I guess your best bet is to stick to a Firefox based browser (that’s my recommendation personally, I use Mull), or if you still need Chromium, I think Brave is the best option atm.

WhoRoger , 9 months ago

I only use Bromite at this point for some streaming stuff which don’t work so well on FF based browsers, and Mulch always pauses playback when minimised… Bloody annoying. I didn’t want to use Brave, but I guess I might have to try it.

Spotlight7573 , 9 months ago

github.com/uazo/bromite-buildtools/issues/59

issue poster: if it’s possible for you, to release 32-bit build

uazo: no, see #41

github.com/uazo/bromite-buildtools/issues/41

issue poster: can you please also build arm-v7 version of current Bromite?

uazo: no, sorry. my current build system does not allow this due to an issue in sysbox

Edit: also:

github.com/uazo/cromite/issues/146

uazo: sysbox does not support 32-bit applications in 64-bit containers. the build without it works (as I think you did), but my server runs with sysbox.

WhoRoger , 9 months ago

Okay

alphapuggle , 9 months ago

Are any modern phones really 32 bit only? What device are you running?

WhoRoger , 9 months ago

Not for a while, I have an oldish Motorola with Android 9, probably one of the last phones with 32b OS

(Don’t anyone dare tell me to “upgrade”)

alphapuggle , 9 months ago

Huh didn’t realize that would’ve come with 32 bit so recently. I ran a z2 force up until about 2 years ago when it stopped holding a charge. Those old Motorolas were great phones, but I haven’t found anything in their recent line that interested me. Ended up going with a Pixel 6 and then a 7 pro, my dad needed an update from his z2 force and it was cheaper if I just gave him mine and upgraded. Haven’t had any issues with the pixels, except for my sister dropping her 2xl and breaking the screen. Anything you get eventually though get unlocked. Tensor has a bunch of custom roms now so anything you upgrade will last for a while.

WhoRoger , 9 months ago

Well this was a 150 € phone when new so that’s a pretty different category than what you’re looking at. I wouldn’t be surprised if 32b was still a thing in the cheap Chinese phones.

If I ever get a chance to replace it, it will be extremely tough because it has a bunch of things which are indispensable for me that newer models simply don’t have.

alphapuggle , 9 months ago

What kind of stuff are you looking for?

WhoRoger , 9 months ago

Screen with no holes, physical dual SIM cards and mSD card, headphone jack, somewhat trustworthy manufacturer with no ads and bloat, easily unlockable bootloader. There should still be one German-made phone that still has all that and some more, if it still exists, although if I ever get to getting a new phone we’ll probably all be using brain implants so it may all be moot by that point. Don’t worry about it, I’m not looking for recommendations or anything, I know everyone thinks my demands are crazy.

alphapuggle , 9 months ago

Nah the demands aren’t crazy, they all used to be standard until the mass enshitification hit. My sister’s boyfriend found one that had almost all of those bar from the hole punch and the trustworthy manufacturer (some off brand Chinese company I don’t remember off the top of my head). Even had a thermal camera on it which was cool

WhoRoger , 9 months ago

There are a lot of phones that have some of the features - Sony has punchless displays, some cheap phones have headphone jacks, all the Motorolas have two SIMs, some phones have SD cards in shared slots, Pixels and some others have unlockable bootloaders, it’s just basically impossible to get one with all of this…

Hugin , 9 months ago

Thanks as a former Bromite user I had no idea this existed.