The Sad State Of Web Browser Support Currently Within Debian
When it comes to the state of packaged web browsers for Debian GNU/Linux, unfortunately it leaves a lot to be desired at the moment and for those wanting to be secure and up-to-date it can mean resorting to proprietary or un-packaged browser builds.
A Phoronix reader wishing to remain anonymous wrote in around the unfortunate state of packaged web browser support for Debian. Below is his synopsis on the state of web browsers packaged in Debian as a word of caution to users with regards to outstanding security updates.
All of the Debian-shipped browsers (Chromium, Firefox ESR, Falkon, ...) are having severe open security issues which the package maintainers apparently are not able to fix easily:
- Chromium is still at version 90.0.4430.212-1 which means it contains tons of security issues. The Debian Wiki recommends switching to a different browser. Those who have installed the browser previously and rely on automatic updates are left with an unpatched browser without even noticing.
- Debian's official web browser is Mozilla Firefox (the ESR version). The last update of Firefox ESR in Debian stable has been version 78.15.0. This version also has quite a few unpatched security issues and the 78.x ESR branch is not maintained by Mozilla anymore. They need to update to the 91.x ESR branch, which apparently causes big problems in the current stable Debian platform. In an issue, people complain about freezing browser sessions with the 91.x release, which blocks the new Firefox ESR release from being pushed to "stable-security". Somebody in the issue claims the reason: "Firefox-ESR 91.3 doesn't use OpenGL GLX anymore. Instead it uses EGL by default. EGL requires at least mesa version 21.x. Debian stable (bullseye) ships with mesa version 20.3.5."
So this does not look good at all right now. Mozilla Thunderbird is affected by this as well by the way.
- Other browsers which are included in the Debian distribution, such as Falkon, have also not seen any security patches for a long time (for Falkon the QtWebEngine package would need to be updated).
That seems to be the current state of affairs for web browsers at the moment on Debian... Basically if you want to stay up-to-date, it seems your best option is relying on binaries from the like of Mozilla Firefox or Google Chrome, but even with the latest Firefox may be issues on Debian stable around EGL/GLX. The Phoronix reader ended with, "the very sad part about this situation is that Debian actually has a philosophy of keeping non-libre software away from the user by default. But this situation actually pushes people towards closed-source browsers such as Google Chrome or Opera. Tough times for the Debian project."
A Phoronix reader wishing to remain anonymous wrote in around the unfortunate state of packaged web browser support for Debian. Below is his synopsis on the state of web browsers packaged in Debian as a word of caution to users with regards to outstanding security updates.
All of the Debian-shipped browsers (Chromium, Firefox ESR, Falkon, ...) are having severe open security issues which the package maintainers apparently are not able to fix easily:
- Chromium is still at version 90.0.4430.212-1 which means it contains tons of security issues. The Debian Wiki recommends switching to a different browser. Those who have installed the browser previously and rely on automatic updates are left with an unpatched browser without even noticing.
- Debian's official web browser is Mozilla Firefox (the ESR version). The last update of Firefox ESR in Debian stable has been version 78.15.0. This version also has quite a few unpatched security issues and the 78.x ESR branch is not maintained by Mozilla anymore. They need to update to the 91.x ESR branch, which apparently causes big problems in the current stable Debian platform. In an issue, people complain about freezing browser sessions with the 91.x release, which blocks the new Firefox ESR release from being pushed to "stable-security". Somebody in the issue claims the reason: "Firefox-ESR 91.3 doesn't use OpenGL GLX anymore. Instead it uses EGL by default. EGL requires at least mesa version 21.x. Debian stable (bullseye) ships with mesa version 20.3.5."
So this does not look good at all right now. Mozilla Thunderbird is affected by this as well by the way.
- Other browsers which are included in the Debian distribution, such as Falkon, have also not seen any security patches for a long time (for Falkon the QtWebEngine package would need to be updated).
That seems to be the current state of affairs for web browsers at the moment on Debian... Basically if you want to stay up-to-date, it seems your best option is relying on binaries from the like of Mozilla Firefox or Google Chrome, but even with the latest Firefox may be issues on Debian stable around EGL/GLX. The Phoronix reader ended with, "the very sad part about this situation is that Debian actually has a philosophy of keeping non-libre software away from the user by default. But this situation actually pushes people towards closed-source browsers such as Google Chrome or Opera. Tough times for the Debian project."
213 Comments