You may have noticed that after my release of the Slackware package for Chromium (and its Un-Googled sibling) version 146.0.7680.71 there was a really short interval until I released an update in the form of the 146.0.7680.75 version.
Chromium 146.0.7680.71 is the latest major version upgrade and it addressed a crazy amount of CVE’s. I am not even going to lookup and configure the URLs, here’s the list:
CVE-2026-3913 CVE-2026-3914 CVE-2026-3915 CVE-2026-3916 CVE-2026-3917 CVE-2026-3918 CVE-2026-3919 CVE-2026-3920 CVE-2026-3921 CVE-2026-3922 CVE-2026-3923 CVE-2026-3924 CVE-2026-3925 CVE-2026-3926 CVE-2026-3927 CVE-2026-3928 CVE-2026-3929 CVE-2026-3930 CVE-2026-3931 CVE-2026-3932 CVE-2026-3934 CVE-2026-3935 CVE-2026-3936 CVE-2026-3937 CVE-2026-3938 CVE-2026-3939 CVE-2026-3940 CVE-2026-3941 CVE-2026-3942
And then the next update to 146.0.7680.75 only two days later included 2 zero-day security fixes that the developers missed somehow: both for CVE-2026-3909 and CVE-2026-3910 an exploit exists in the wild.
And then already the next day, a new update emerged which I am currently compiling: Chromium 146.0.7680.80 sources were released to address yet another zero-day exploit, this time CVE-2026-3909.
Those new packages (chromium and chromium-ungoogled 64bit binaries) will become available tomorrow, Sunday if the compilation does not fail. The 32bit package for chromium-ungoogled will follow a day later. The last two attempts to build a 32bit package had to be aborted when I discovered that there was a new release. I have only one computer that is capable of compiling Chromium, and building packages in parallel is not an option.
Enjoy the weekend and be careful accessing shady web sites 🙂
Eric
Hi Eric,
146.0.7680.80 was just the real fix for CVE-2026-3909. They said it was fixed in 146.0.7680.75 first but corrected that later.
See:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
“Updated 2026-03-13: The previous version of these notes included CVE-2026-3909, the fix for which will instead be available in a future update.”
By the way, thanks for all the updates!
Since one of your 144/145 versions of Chromium-ungoogled (don’t remember exactly which one), I’m getting the error message:
“10482:10482:0315/234239.097724:FATAL:third_party/crashpad/crashpad/util/posix/spawn_subprocess.cc:237] posix_spawn /usr/lib64/chromium-ungoogled/chrome_crashpad_handler: No such file or directory (2)
Trace/breakpoint trap”
and Chromium-ungoogled refuses to start.
When I add the file “chrome_crashpad_handler” from one of your previous versions to /usr/lib64/chromium-ungoogled/ the problem is gone.
It seems that I’m almost the only one with this problem so there must be something strange with my configuration but I just wanted to let you know.
I get the same error about the missing crashpad handler, and then some about all my extensions, but then Ungoogled Chromium starts normally.
Do you know why chrome_crashpad_handler was included in your Ungoogled Chromium packages and now is not anymore? Was that a change in the Chromium sources or in the build process?
Ungoogled Chromium intentionally removes the crashpad_handler as a result of the project’s goal of eliminating Google-specific services and telemetry.
The crashpad_handler is the primary mechanism Chromium uses to capture and upload crash reports to Google’s servers.
By removing the handler, the browser ensures that no data, even diagnostic crash data, is inadvertently sent to Google-controlled endpoints.
That must be a recent decision then. I will check the chromium ungoogled github issues to enlighten myself. Thanks!
I removed the crashpad_handler for chromium-ungoogled on 29 July 2021… not really recent.
See https://git.slackware.nl/asb/commit/chromium/build/chromium.SlackBuild?id=2860fd21fba91724f143a9b5160345ff3beeac99
The file was still present in one of your early 143 releases. I’m quit sure.
Because that’s where I got it from to fix the problem I had with chromium-ungoogled starting up. I don’t know exactly what version because I deleted that now after copying it over to the latest version.
I know you don’t want anything to do with LQ, but here is somebody with the same problem:
https://www.linuxquestions.org/questions/slackware-14/alienbob%27s-chromium-ungoogled-143-0-7499-109-doesn%27t-start-4175756695/
To be sure I checked many packages going back to the first ungoogled-chromium I built (88.0.4324.190) and none of them ever included a crashpad_handler. The git commit I showed you was meant to silence the errors (during compilation of the package) about the non-existing binary.
Nice try 😉 but I am not going to check a LQ link. Let people come to this blog if they want to interact with me.
You’re right. I took the chrome_crashpad_handler file from your Chromium package, not your ungoogled version.
My mistake. Sorry I wasted your time with that.
It just that after your chromium-ungoogled version 143.0.7499.40 (I think), it doesn’t start up anymore without the chrome_crashpad_handler file, so I have to add it manually.
Something must have changed since chromium-ungoogled version 143.0.7499.40…
Thanks for the updates
Hee Eric,
Please take notice of the latest Chromium update.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
At first no security fixes were mentioned, but they were added later, including a zero day…
Ah I see, you already built and uploaded chromium-ungoogled 146.0.7680.177. Thanks!
I’m very sorry that the site doesn’t open from Russia.
It could be a block from Russian government, or a block from the Akamai CDN which sits in front of the blog. I don’t block Russia or Russians; I only block IP ranges that try to DDoS me and those are mostly from China and South America.