this post was submitted on 16 Oct 2023

12 points (100.0% liked)

Ask Android

2200 readers

3 users here now

A place to ask your questions and seek help related to your Android device and the Android ecosystem.

Whether you're looking for app recommendations, phone buying advice, or want to explore rooting and tutorials, this is the place for you!

Rules

Be descriptive: Help us help you by providing as many details as you can.
Be patient: You're getting free help from Internet strangers, so you may have to wait for an answer.
Be helpful: If someone asks you for more information, tell us what you can. If someone asks you for a screenshot, please provide one!
Be nice: Treat others with respect, even if you don't agree with their advice. Accordingly, you should expect others to be nice to you as well. Report intentionally rude answers.
No piracy: Sharing or discussing pirated content is strictly prohibited. Do not ask others for a paid app or about how to acquire one.
No affiliate/marketing links: Posting affiliate links is not allowed.
No URL shorteners: These can hide the true location of the page and lead people to malicious places.
No lockscreen bypasses: Please do not comment, link, or assist with bypassing lock screens or factory reset protection.
No cross-posting: Please take the time to make a proper post instead of cross-posting.

Other Communities

founded 1 year ago

MODERATORS

[email protected]

Does the webp vulnerability (CVE-2023-4863) affect the Bromite browser? (lemdro.id)

submitted 1 year ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Hello everyone, I'm new here and I've got a fairly serious question/problem.

I've used Bromite for a long time, and now with the threat of CVE-2023-4863, I can't help but constantly fear getting screwed over by a malicious image. I've tried looking myself but cannot find an answer if bromite is vulnerable to this threat, mostly because the main developer of the browser hasn't been active for a very long time.

I'd love to switch to another browser but to transfer all my data would require root access, which could damage my pixel 6. So I'm kinda stuck in a jam.

Can anyone please help me?

top 12 comments

sorted by: hot top controversial new old

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

Unfortunately browsers need at least a monthly security update. Bromite doesn't have a commit since January, so it's dead. And the last release is from December. Even if for some reason it didn't have that specific webp vulnerability, it has 11 months of other security issues. You must stop using it immediately right now

For a browser there's no data to transfer except the few bookmarks and the opened tabs (you aren't using a dead browser with no sync as your only password manager, right?). Install a new browser, then share the bookmarks and tabs one by one.

I don't understand how root can break your Pixel (it doesn't void warranty) but anyway unlocking the bootloader for rooting requires a full wipe and all you can get is a config database that could only be used with bromite (or forks, if they didn't change too much)

For your next browser choose one that has hundreds of devs as staying behind updates is a massive task and a small team (or a single person) like the one behind bromite can easily burnout and disappear overnight.

[–] [email protected] 2 points 1 year ago (1 children)

Thank you for your reply, I don't look forward to transferring things over one by one, but it is a better idea than me just Freaking out. As for worrying about breaking my phone, I do not consider myself very smart, so reading that there is a chance that rooting your phone can brick it scares me.

As for a password manager, I'm not completely stupid, I use an offline app which is updated fairly regularly and is quite secure.

sigh Guess I'd better get to working on this sooner rather than later. Thank you again for your reply.

[–] [email protected] 1 points 1 year ago (1 children)

Good luck on this

[–] [email protected] 2 points 1 year ago (1 children)

Thank you, sadly enough I might actually need it.

[–] [email protected] 1 points 1 year ago

Don't hesitate to come back for help

[–] [email protected] 5 points 1 year ago (2 children)

If you like Bromite there is a fork of it called Cromite https://github.com/uazo/cromite

Or you could try Mulch https://divestos.org/pages/our_apps#mulch

Both are Chromium browsers

[–] [email protected] 4 points 1 year ago (1 children)

Thank you for the reply, I was aware of Cromite, though not of Mulch. Considering how Bromite turned out, I'm looking at Vivaldi at this point for my new browser.

[–] [email protected] 4 points 1 year ago

Remember to keep Android System Webview updated as well.

[–] [email protected] 2 points 1 year ago

MORE BROMITE FORKS!

[–] [email protected] 4 points 1 year ago (1 children)

Does the webp vulnerability (CVE-2023-4863) affect the Bromite browser?

Yes

I'd love to switch to another browser but to transfer all my data would require root access, which could damage my pixel 6. So I'm kinda stuck in a jam.

Transferring your data to Firefox does not require root access

[–] [email protected] 3 points 1 year ago (1 children)

Ah, I see. Thank you for the swift answer, though I'm afraid I don't know what you mean by just transferring to Firefox. Bromite is an android browser and does not have a sync function, which prevents me from easily getting to the app data and moving it to a new android browser. If I'm mistaken can you give me a link?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

What data in particular are you after pulling from Bromide?

I've never used it so not aware of its interface but most browsers allow you to grab your usernames / passwords (tip: it's a bad idea to store them in a browsers data and a password manager the better route) even if it means doing each one individually if it doesn't allow mass exporting of data.

But as the above commenters have said using an out of date browser is something to put some time aside to fix. Good luck!