Chromium browser tries to read sensitive files: –/.ssh –/.gnupg –/.dbus /boot
bugs.debian.orgPackage: chromium Version: 138.0.7204.49-1~deb12u1
I am experiencing very weird and suspicious issue on debian 12.
For context, I am using grsecurity + RBAC, which gives me the possibility to see what files each program wants to access. My issue is not caused by RBAC. but RBAC brought my attention to this issue.
SO, I have upgraded chromium browser to: 138.0.7204.49
and suddenly when chromium starts, in addition to trying to access the usual files in my home, such as ~/.config/chromium or ~/.cache , it now tries to access sensitive folders on my system:
~/.ssh/ ~/.gnupg/ ~/.dbus/ /boot/
(while ~/.dbus is not as immediately alarming as the others, Chromium accessing this when it didn't before is still a change in behavior that deserves scrutiny)
this never happened before. I am sure, because the RBAC rules that I am using would have alerted me.
this is highly suspicious and potentially a serious security issue !
this issue was originally reported on chromium 138, fixed in next version, and now it's back in version 140.0.7339.80
Is it a problem with the Debian package or upstream?
I assume upstream. Hard to imagine that Debian would be adding this "feature" themselves.