{ "version": "https://jsonfeed.org/version/1.1", "user_comment": "This feed allows you to read the posts from this site in any feed reader that supports the JSON Feed format. To add this feed to your reader, copy the following URL -- https://matoken.org/blog/tag/thorium/feed/json -- and add it your reader.", "home_page_url": "https://matoken.org/blog/tag/thorium", "feed_url": "https://matoken.org/blog/tag/thorium/feed/json", "language": "ja", "title": "Thorium – matoken's meme", "items": [ { "id": "https://matoken.org/blog/?p=4058", "url": "https://matoken.org/blog/2024/07/30/thorium-browser-aims-to-improve-performance-based-on-chromium-browser/", "title": "Chromium Browser \u3092\u30d9\u30fc\u30b9\u306b\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u5411\u4e0a\u3092\u76ee\u6307\u3059 Thorium Browser", "content_html": "
\n
\n
\n

Thorium \u3068\u3044\u3046 Chromium \u3092\u30b3\u30f3\u30d1\u30a4\u30e9\u306e\u6700\u9069\u5316\u306a\u3069\u3092\u4f7f\u3044\uff0c\u901a\u5e38\u306e Chromium \u306b\u6bd4\u3079\u3066 8\u301c38% \u306e\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u306e\u5411\u4e0a\u304c\u5b9f\u73fe\u3067\u304d\u308b\u3082\u306e\u3092\u77e5\u308a\u307e\u3057\u305f\uff0e

\n
\n
\n\n
\n
\n

\u30b5\u30d6\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u304c\u591a\u6570\u3042\u308a\uff0c\u5404\u7a2e\u74b0\u5883\u5411\u3051\u306eThorium \u3084ThoriumOS, Codium \u306a\u3069\u3082\u3042\u308a\u307e\u3059\uff0e

\n
\n
\n

\u30e2\u30d0\u30a4\u30eb\u7aef\u672b\u306e\u96fb\u6c60\u6301\u3061\u304c\u826f\u304f\u306a\u3063\u305f\u308a\uff0c\u53e4\u3044\u7aef\u672b\u3067\u306e\u52d5\u4f5c\u304c\u8efd\u304f\u306a\u308b\u306e\u3067\u306f\u306a\u3044\u304b\u3068\u671f\u5f85\u304c\u6301\u3066\u307e\u3059\uff0e

\n
\n

\n

\n
\n
\n

\u5c0e\u5165

\n
\n
\n

\u4eca\u56de\u306f Debian sid amd64 \u74b0\u5883\u3078\uff0e.deb \u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3053\u3061\u3089\u3092\u5229\u7528\u3057\u307e\u3057\u305f\uff0e

\n
\n
\n
\n
$ sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list\n$ sudo apt update\n$ sudo apt install thorium-browser\n$ thorium-browser --version\nThorium 124.0.6367.218 stable, built on Ubuntu
\n
\n
\n
\n

\"thorium

\n
\n
\n
\n
\n

\u8d77\u52d5

\n
\n
\n

\u8d77\u52d5\u3059\u308b\u3068\u898b\u305f\u76ee\u306f Chromium \u3067\u3059\uff0e\u666e\u901a\u306b\u4f7f\u3048\uff0cChrome \u306e\u62e1\u5f35\u6a5f\u80fd\u3082\u5229\u7528\u3067\u304d\u307e\u3059\uff0eGoogle \u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u540c\u671f\u3082\u53ef\u80fd\u3067\u3059\uff0e
\n\u3068\u3044\u3046\u3053\u3068\u3067\u4f7f\u3044\u52dd\u624b\u306f Chromium \u3068\u5909\u308f\u3089\u305a\uff0e

\n
\n
\n

\u3057\u304b\u3057\uff0c\u3057\u3070\u3089\u304f\u4f7f\u3063\u3066\u3044\u307e\u3057\u305f\u304c\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u964d\u308a\u3066\u304d\u307e\u305b\u3093\uff0eChromium \u306b\u8ffd\u5f93\u3057\u3066\u304a\u3089\u305a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7684\u306b\u4e0d\u5b89\u304c\u6b8b\u308a\u307e\u3059\uff0e

\n
\n
\n
Chromium \u306echangelog \u3092\u898b\u308b\u3068 urgency=high \u3092\u542b\u3080\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4fee\u6b63\u304c\u6ca2\u5c71\uff0e
\n
\n
$ zcat /usr/share/doc/chromium/changelog.Debian.gz | head -192 | grep CVE\n    - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-6291: Use after free in Swiftshader.\n    - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee\n    - CVE-2024-6101: Inappropriate implementation in WebAssembly.\n    - CVE-2024-6102: Out of bounds memory access in Dawn.\n    - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-5830: Type Confusion in V8.\n    - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.\n    - CVE-2024-5834: Inappropriate implementation in Dawn.\n    - CVE-2024-5835: Heap buffer overflow in Tab Groups.\n    - CVE-2024-5836: Inappropriate Implementation in DevTools.\n    - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.\n    - CVE-2024-5838: Type Confusion in V8.\n    - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.\n    - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.\n    - CVE-2024-5841: Use after free in V8.\n    - CVE-2024-5842: Use after free in Browser UI.\n    - CVE-2024-5843: Inappropriate implementation in Downloads.\n    - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.\n    - CVE-2024-5845: Use after free in Audio. Reported by anonymous.\n    - CVE-2024-5846: Use after free in PDFium.\n    - CVE-2024-5847: Use after free in PDFium.\n    - CVE-2024-5493: Heap buffer overflow in WebRTC.\n    - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-5496: Use after free in Media Session.\n    - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.\n    - CVE-2024-5498: Use after free in Presentation API.\n    - CVE-2024-5499: Out of bounds write in Streams API.\n    - CVE-2024-5274: Type Confusion in V8. Reported by Cl\u00e9ment Lecigne of\n    - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.\n    - CVE-2024-5158: Type Confusion in V8.\n    - CVE-2024-5159: Heap buffer overflow in ANGLE.\n    - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.\n    - CVE-2024-4947: Type Confusion in V8. Reported by Vasily\n    - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz.\n    - CVE-2024-4949: Use after free in V8.\n    - CVE-2024-4950: Inappropriate implementation in Downloads.
\n
\n
\n
\n

\u3068\u3044\u3046\u3053\u3068\u3067\u30e1\u30a4\u30f3\u74b0\u5883\u3067\u306f\u4f7f\u308f\u306a\u3044\u3053\u3068\u306b\u3057\u3087\u3046\u3068\u601d\u3044\u307e\u3059\uff0e

\n
\n
\n
\u74b0\u5883
\n
\n
$ dpkg-query -W thorium-browser\nthorium-browser 124.0.6367.218-1\n$ lsb_release -dr\nDescription:    Debian GNU/Linux trixie/sid\nRelease:        n/a\n$ arch\nx86_64
\n
\n
\n
\n
\n", "content_text": "Thorium \u3068\u3044\u3046 Chromium \u3092\u30b3\u30f3\u30d1\u30a4\u30e9\u306e\u6700\u9069\u5316\u306a\u3069\u3092\u4f7f\u3044\uff0c\u901a\u5e38\u306e Chromium \u306b\u6bd4\u3079\u3066 8\u301c38% \u306e\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u306e\u5411\u4e0a\u304c\u5b9f\u73fe\u3067\u304d\u308b\u3082\u306e\u3092\u77e5\u308a\u307e\u3057\u305f\uff0e\n\n\n\n\nThorium Browser\n\n\n\n\n\u30b5\u30d6\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u304c\u591a\u6570\u3042\u308a\uff0c\u5404\u7a2e\u74b0\u5883\u5411\u3051\u306eThorium \u3084ThoriumOS, Codium \u306a\u3069\u3082\u3042\u308a\u307e\u3059\uff0e\n\n\n\u30e2\u30d0\u30a4\u30eb\u7aef\u672b\u306e\u96fb\u6c60\u6301\u3061\u304c\u826f\u304f\u306a\u3063\u305f\u308a\uff0c\u53e4\u3044\u7aef\u672b\u3067\u306e\u52d5\u4f5c\u304c\u8efd\u304f\u306a\u308b\u306e\u3067\u306f\u306a\u3044\u304b\u3068\u671f\u5f85\u304c\u6301\u3066\u307e\u3059\uff0e\n\n\n\n\n\n\u5c0e\u5165\n\n\n\u4eca\u56de\u306f Debian sid amd64 \u74b0\u5883\u3078\uff0e.deb \u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3053\u3061\u3089\u3092\u5229\u7528\u3057\u307e\u3057\u305f\uff0e\n\n\n\n$ sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list\n$ sudo apt update\n$ sudo apt install thorium-browser\n$ thorium-browser --version\nThorium 124.0.6367.218 stable, built on Ubuntu\n\n\n\n\n\n\n\n\n\u8d77\u52d5\n\n\n\u8d77\u52d5\u3059\u308b\u3068\u898b\u305f\u76ee\u306f Chromium \u3067\u3059\uff0e\u666e\u901a\u306b\u4f7f\u3048\uff0cChrome \u306e\u62e1\u5f35\u6a5f\u80fd\u3082\u5229\u7528\u3067\u304d\u307e\u3059\uff0eGoogle \u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u540c\u671f\u3082\u53ef\u80fd\u3067\u3059\uff0e\n\u3068\u3044\u3046\u3053\u3068\u3067\u4f7f\u3044\u52dd\u624b\u306f Chromium \u3068\u5909\u308f\u3089\u305a\uff0e\n\n\n\u3057\u304b\u3057\uff0c\u3057\u3070\u3089\u304f\u4f7f\u3063\u3066\u3044\u307e\u3057\u305f\u304c\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u964d\u308a\u3066\u304d\u307e\u305b\u3093\uff0eChromium \u306b\u8ffd\u5f93\u3057\u3066\u304a\u3089\u305a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7684\u306b\u4e0d\u5b89\u304c\u6b8b\u308a\u307e\u3059\uff0e\n\n\nChromium \u306echangelog \u3092\u898b\u308b\u3068 urgency=high \u3092\u542b\u3080\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4fee\u6b63\u304c\u6ca2\u5c71\uff0e\n\n$ zcat /usr/share/doc/chromium/changelog.Debian.gz | head -192 | grep CVE\n - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-6291: Use after free in Swiftshader.\n - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee\n - CVE-2024-6101: Inappropriate implementation in WebAssembly.\n - CVE-2024-6102: Out of bounds memory access in Dawn.\n - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-5830: Type Confusion in V8.\n - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.\n - CVE-2024-5834: Inappropriate implementation in Dawn.\n - CVE-2024-5835: Heap buffer overflow in Tab Groups.\n - CVE-2024-5836: Inappropriate Implementation in DevTools.\n - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.\n - CVE-2024-5838: Type Confusion in V8.\n - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.\n - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.\n - CVE-2024-5841: Use after free in V8.\n - CVE-2024-5842: Use after free in Browser UI.\n - CVE-2024-5843: Inappropriate implementation in Downloads.\n - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.\n - CVE-2024-5845: Use after free in Audio. Reported by anonymous.\n - CVE-2024-5846: Use after free in PDFium.\n - CVE-2024-5847: Use after free in PDFium.\n - CVE-2024-5493: Heap buffer overflow in WebRTC.\n - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-5496: Use after free in Media Session.\n - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.\n - CVE-2024-5498: Use after free in Presentation API.\n - CVE-2024-5499: Out of bounds write in Streams API.\n - CVE-2024-5274: Type Confusion in V8. Reported by Cl\u00e9ment Lecigne of\n - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.\n - CVE-2024-5158: Type Confusion in V8.\n - CVE-2024-5159: Heap buffer overflow in ANGLE.\n - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.\n - CVE-2024-4947: Type Confusion in V8. Reported by Vasily\n - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz.\n - CVE-2024-4949: Use after free in V8.\n - CVE-2024-4950: Inappropriate implementation in Downloads.\n\n\n\n\u3068\u3044\u3046\u3053\u3068\u3067\u30e1\u30a4\u30f3\u74b0\u5883\u3067\u306f\u4f7f\u308f\u306a\u3044\u3053\u3068\u306b\u3057\u3087\u3046\u3068\u601d\u3044\u307e\u3059\uff0e\n\n\n\u74b0\u5883\n\n$ dpkg-query -W thorium-browser\nthorium-browser 124.0.6367.218-1\n$ lsb_release -dr\nDescription: Debian GNU/Linux trixie/sid\nRelease: n/a\n$ arch\nx86_64", "date_published": "2024-07-30T06:15:26+09:00", "date_modified": "2024-07-30T06:15:28+09:00", "authors": [ { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/e34dfb243cc4baa2f1d4306941d9cfd8?s=512&d=mm&r=g" } ], "author": { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/e34dfb243cc4baa2f1d4306941d9cfd8?s=512&d=mm&r=g" }, "tags": [ "Chromium", "Thorium", "Web browser", "Debian", "Linux", "sid" ] } ] }