
f54da

macrumors 6502a
Dec 22, 2021
504
186
>For example, if all allowed, that would potentially permit doubleclick or googletagmanager, which I would never want to allow.

Isn't that what the advanced mode dynamic filtering on uBO is for, which you already show on your screenshot? You can click the second column for e.g. the "googletagmanager" row to block all scripts from them, or block all 3rd party.
 

RK78

macrumors 6502
Oct 24, 2019
270
92
>>For example, if all allowed, that would potentially permit doubleclick or googletagmanager, which I would never want to allow.
>
>Isn't that what the advanced mode dynamic filtering on uBO is for, which you already show on your screenshot? You can click the second column for e.g. the "googletagmanager" row to block all scripts from them, or block all 3rd party.
Got started years ago with NoScript and uBO, never looked deeply into uBO advanced mode dynamic filtering - or if I did it's long been forgotten from disuse.

So apparently using NoScript based on what uBO allows or not is redundant? Just more tedious extra work? And while I'm at it might as well block everything once and for all showing a minus, at least in the second column?

Many thanks for pointing me to that.

Much more homework for me here
 

f54da

macrumors 6502a
Dec 22, 2021
504
186
>So apparently using NoScript based on what uBO allows or not is redundant
Yeah, for 99% of cases you can use point-click dynamic filtering in uBO to get the effects of noscript. There are subtle differences though such as the fact that uBO dynamic domain filtering blocks all requests to the domain without necessarily distinguishing between type (e.g. script vs css), whereas noscript probably only touches scripts. uMatrix used to be the finer-grain version, but that's no longer supported. That being said you can manually create static filter in uBlock to whatever granularity you need, but it's not as point-and-click.

There is also the issue that when blocking a script with uBO it does not trigger the <noscript> fallback tags.
 

RK78

macrumors 6502
Oct 24, 2019
270
92
>>So apparently using NoScript based on what uBO allows or not is redundant
>Yeah, for 99% of cases you can use point-click dynamic filtering in uBO to get the effects of noscript. There are subtle differences though such as the fact that uBO dynamic domain filtering blocks all requests to the domain without necessarily distinguishing between type (e.g. script vs css), whereas noscript probably only touches scripts. uMatrix used to be the finer-grain version, but that's no longer supported. That being said you can manually create static filter in uBlock to whatever granularity you need, but it's not as point-and-click.
>
>There is also the issue that when blocking a script with uBO it does not trigger the <noscript> fallback tags.
Thanks again. Now, trying to get my head around exactly what I'll be giving up by disabling NS. Btw, used to use uMatrix a few years ago before support was discontinued. Although I do know someone who still swears by it, even unsupported. Haven't looked into it recently, but when it was discontinued, that seemed to affect only the filter lists no longer being updated.

@Wfh: appreciate the suggestion to contact support. Created a ticket and now in the midst of trying to sort things out. One thing that does suggest it might be a bug at github's end is that when hitting the billing information Save button, very briefly get the no access symbol.
 

RK78

macrumors 6502
Oct 24, 2019
270
92
>Just a reminder that there have been no reports of these exploits being used in the wild. I really wouldn't recommend spending energy worrying about this.
OK, no exploits yet or maybe never. But basic question: would you feel confident using Chromium Legacy now before it's updated to log into, e.g., paypal, or any other "sensitive" site, including anything like github sponsor which requires credit card info? A few months is a really long time to go without the security patches in the latest 126. And then by the time it's finally updated, there will probably be another version involving a long wait.

Btw, speaking of github sponsor, my donation went through. Just required some quite simple changes in the billing form.
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
>would you feel confident using Chromium Legacy now before it's updated to log into, e.g., paypal, or any other "sensitive" site, including anything like github sponsor which requires credit card info?
Yes, and I actively do all these things in Chromium Legacy on my computer! It is important to update once that's possible, but in the meantime it's really fine.
 

Xde

macrumors regular
Jul 11, 2016
152
35
Has development for Chromium legacy finally stopped?

And one thing aside...
Which version generally should be used:

124.0.6367.207.1 (stable) from May 16., or
1303823 (latest) from May 29. ?
What is the difference between these numbers?
Thanks
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
>Has development for Chromium legacy finally stopped?
>
>And one thing aside...
>Which version generally should be used:
>
>124.0.6367.207.1 (stable) from May 16., or
>1303823 (latest) from May 29. ?
>What is the difference between these numbers?
>Thanks
You want to use Stable in almost all cases. The build from May 29 is based on Chrome's "Canary" channel and so is likely to be more buggy.

No one knows when or if Bluebox will update Chromium Legacy. That said, when Chromium Legacy temporarily disappeared from Github a few months ago, Bluebox was adamant that he was committed to the project long term.
 

MacBiter

macrumors 6502
Jun 2, 2021
264
45
>It's probably not. They happen. I am curious if the glitches sound like this issue (please check if the mailbox message is in chrome://gpu).
Yes, I often get this. Also switching tabs then going back to the problem tab may show the url of the other tab and refreshing it doesn't cure the problem.

Another issue is that a web page may suddenly go blank - everything else is there, address bar with url, bookmarks bar, etc, just that the page I was browsing goes blank white. Facebook is the worst offender; refreshing may bring the page back for a split second then it goes blank again (or doesn't!).

In all cases of these issues - quitting Chromium then relaunching with the same session restored cures the issue, at least for a while.

I'm also running Mavericks.
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
>Yes, I often get this. Also switching tabs then going back to the problem tab may show the url of the other tab and refreshing it doesn't cure the problem.
Have you tried launching Chromium with `--in-process-gpu` to see if that fixes it? It does for me.

I think I'm going to go ahead and make my PrefPane add that automatically. I haven't done it yet because it has a side effect—GPU crashes that would normally only take down one tab will instead crash the whole browser. But in two months of Chromium Legacy use this hasn't been a real-world problem.
 

MacBiter

macrumors 6502
Jun 2, 2021
264
45
>Have you tried launching Chromium with `--in-process-gpu` to see if that fixes it? It does for me.
>
>I think I'm going to go ahead and make my PrefPane add that automatically. I haven't done it yet because it has a side effect—GPU crashes that would normally only take down one tab will instead crash the whole browser. But in two months of Chromium Legacy use this hasn't been a real-world problem.
How would I do that?

I'm not sure I've experienced a GPU crash! In any case, relaunching and restoring the previous session would minimise the damage?
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
>How would I do that?
In a Terminal, run:

/Applications/Chromium.app/Contents/MacOS/Chromium --in-process-gpu

>In any case, relaunching and restoring the previous session would minimise the damage?
Yes of course. And as I've said in two months I've never had this happen, unless I go to one specific page (equinox.space if you are interested—it crashes due to what I'm convinced is an nVidia graphics driver bug, it doesn't happen on my laptop with Intel graphics and it happens in other browsers too.)
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
>Does that set a flag (so it's only needed once), or does it have to be done every time?
Every time. If you use the PrefPane you can add it semi-permanently (it will stay in effect until the next time Chromium Legacy is updated) by opening Contents/MacOS/Chromium in a text editor and adding --in-process-gpu to the last line.
 

MacBiter

macrumors 6502
Jun 2, 2021
264
45
>Every time. If you use the PrefPane you can add it semi-permanently (it will stay in effect until the next time Chromium Legacy is updated) by opening Contents/MacOS/Chromium in a text editor and adding --in-process-gpu to the last line.
All that's there is the Preference Pane's Unix Executable file, no separate file "Chromium" - I can edit plist files using TextWrangler, but how do I edit an executable?
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
>All that's there is the Preference Pane's Unix Executable file, no separate file "Chromium" - I can edit plist files using TextWrangler, but how do I edit an executable?
Sorry, I mean inside the copy of Chromium Legacy installed by the PrefPane.

But I also actually just updated my PrefPane to add the command line flag automatically, so if you want you can just redownload the PrefPane and reinstall Chromium Legacy. (Use the uninstaller on the old version of the PrefPane before installing the new one.)
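
The manual edit described in the posts above (adding the flag to the last line of Contents/MacOS/Chromium), as an added shell example that is not part of the original thread and not the PrefPane's own code. It appends the flag once, keeps a backup, and refuses to touch a file that is not a script, which is the case raised in the question about editing an executable. The function names, the `.bak` suffix and the sample wrapper contents are assumptions; the launcher path is passed in because the thread does not give it in full.

```shell
#!/bin/sh
# Added example (not from the thread or the PrefPane): append a flag to the
# last line of a launcher *script*, once, keeping a backup copy.

# Constructed sample wrapper for trying the function. The real file's contents
# are not shown in the thread; "Chromium.bin" is a made-up name.
sample_launcher() {
    printf '%s\n' '#!/bin/sh' 'exec "$(dirname "$0")/Chromium.bin" "$@"' > "$1"
    chmod +x "$1"
}

# add_launch_flag LAUNCHER FLAG
# returns 0 = flag present afterwards, 2 = no such file, 3 = not a script
add_launch_flag() {
    launcher=$1
    flag=$2

    [ -f "$launcher" ] || { echo "no such file: $launcher" >&2; return 2; }

    # A compiled executable does not start with "#!"; editing it as text
    # would corrupt it, so only shell wrappers are touched.
    if [ "$(head -c 2 "$launcher")" != '#!' ]; then
        echo "not a script, left untouched: $launcher" >&2
        return 3
    fi

    # Idempotent: stop if the last non-empty line already carries the flag.
    last=$(awk 'NF { l = $0 } END { print l }' "$launcher")
    case " $last " in
        *" $flag "*) return 0 ;;
    esac

    cp -p "$launcher" "$launcher.bak" || return 1
    # Writing through the existing file keeps its mode (the executable bit).
    awk -v flag="$flag" '
        { lines[NR] = $0; if (NF) last = NR }
        END {
            for (i = 1; i <= NR; i++)
                print ((i == last) ? (lines[i] " " flag) : lines[i])
        }
    ' "$launcher.bak" > "$launcher"
}
```

Call it as `add_launch_flag <path to Contents/MacOS/Chromium> --in-process-gpu`; as the post says, the edit lasts only until Chromium Legacy is next updated.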
 

MacBiter

macrumors 6502
Jun 2, 2021
264
45
>Sorry, I mean inside the copy of Chromium Legacy installed by the PrefPane.
>
>But I also actually just updated my PrefPane to add the command line flag automatically, so if you want you can just redownload the PrefPane and reinstall Chromium Legacy. (Use the uninstaller on the old version of the PrefPane before installing the new one.)
Done. I'll monitor how it behaves... :).
 

MacBiter

macrumors 6502
Jun 2, 2021
264
45
>Done. I'll monitor how it behaves... :).
Unfortunately, though I've not seen a recurrence of the 'rogue tab' behaviour, I'm still getting the 'page going blank' issue several times. Most often in Facebook, but also in other forums. Never with streaming video though.
 

Wowfunhappy

macrumors 68000
Original poster
Mar 12, 2019
1,751
2,091
For security reasons, I highly recommend everyone go into chrome://settings/content/v8 and select "Don’t allow sites to use the V8 optimizer". (This is Chromium's JIT compiler, for those who know what that means).

This will make your browser slower! However, it's not nearly as bad as I expected (I lost one point in browserbench.org), and it will make your browser measurably more secure. In particular, a very dangerous new exploit has come out—the worst kind, it allows websites to run code on your computer outside the browser—and Chromium Legacy has not been updated with a patch.

You can re-enable the V8 optimizer for individual websites you trust, speeding them up.
 

MacBiter

macrumors 6502
Jun 2, 2021
264
45
>For security reasons, I highly recommend everyone go into chrome://settings/content/v8 and select "Don’t allow sites to use the V8 optimizer". (This is Chromium's JIT compiler, for those who know what that means).
>
>This will make your browser slower! However, it's not nearly as bad as I expected (I lost one point in browserbench.org), and it will make your browser measurably more secure. In particular, a very dangerous new exploit has come out—literally the worst kind, it allows websites to run code on your computer outside the browser—and Chromium Legacy has not been updated with a patch.
>
>You can re-enable the V8 optimizer for individual websites you trust, speeding them up.
done
 

RK78

macrumors 6502
Oct 24, 2019
270
92
>For security reasons, I highly recommend everyone go into chrome://settings/content/v8 and select "Don’t allow sites to use the V8 optimizer". (This is Chromium's JIT compiler, for those who know what that means).
>
>This will make your browser slower! However, it's not nearly as bad as I expected (I lost one point in browserbench.org), and it will make your browser measurably more secure. In particular, a very dangerous new exploit has come out—literally the worst kind, it allows websites to run code on your computer outside the browser—and Chromium Legacy has not been updated with a patch.
>
>You can re-enable the V8 optimizer for individual websites you trust, speeding them up.
Thanks for keeping us safe.
No content setting available here. Instead, found this in Settings->Privacy/Security->Security->Advanced (But beginning to think that Bluebox may have abandoned this project.)

Settings->Security->Advanced.png Privacy:Security V8 Optimizer Don't Allow.png
 

RK78

macrumors 6502
Oct 24, 2019
270
92
>For security reasons, I highly recommend everyone go into chrome://settings/content/v8 and select "Don’t allow sites to use the V8 optimizer". (This is Chromium's JIT compiler, for those who know what that means).
>
>This will make your browser slower! However, it's not nearly as bad as I expected (I lost one point in browserbench.org), and it will make your browser measurably more secure. In particular, a very dangerous new exploit has come out—the worst kind, it allows websites to run code on your computer outside the browser—and Chromium Legacy has not been updated with a patch.
>
>You can re-enable the V8 optimizer for individual websites you trust, speeding them up.
Curious to know more about this exploit, particularly if it's now seen actively in the wild. Perhaps you can point to something directly with more information. And wondering if perhaps you've been directly in touch with Bluebox about any forthcoming updates? Thinking sadly that I may have to give up on Chromium-Legacy, if this no updates/no patches situation persists much longer.
 