Chrome 79 always starts a core dump and crashes

[Steelskin 2]

Actuall pkill did not work you have to kill -9 pid on each eset daemon

 

 

[Vrana 0]

I just executed:  sudo systemctl stop esets

and then with xkill killed the gui

[tarhan 1]

On 12/13/2019 at 10:23 PM, Marcos said:

It's weird since ESET NOD32 Antivirus for Linux desktop does not affect browsers at all. I'd suggest collecting logs as per the KB https://support.eset.com/en/run-the-info-getcommand-on-a-linux-virtual-machine-and-send-the-logs-to-eset-technical-support and supplying logs to customer care for perusal.

You are lying here. Yes, NOD32 maybe does not specifically affect browsers. But to intercepting launching viruses you installing intercepting library affecting all applications. Even which launched via systemd.

Error SIGILL (Illegal instruction from Chrome output in terminal) usually means that application was compiled for newer CPU which have instructions which you CPU does not have. In past Chrome already started to SSE2 instructions which was not on Pentium 4 and some Atoms CPUs.

But in this particular case reason is different since after uninstalling ESET Chrome 79 starts working normally. Maybe during injection your code in Chrome (from library libesets_pac.so ) something leads Chrome (or maybe ESET) to execute illegal instruction. Besides Chrome CUPS subsystem (printers) not working with ESET. I don't know since when. In logs both says "ERROR: ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored."

Maybe because of NOD32 unable to inject libesets_pac.so code using LD_PRELOAD in Chrome and inject successfully some other library then it leads to inconsistent behavior.

Visually Chrome 79 with ESET installed blinking randomly with some freezes. Chrome uses dedicated processes for rendering pages which only "streaming" rendered content to main process with UI for presenting to user. Maybe Chrome 79 using some new IPC methods to transfer rendered content which NOD32 intercepts and parsing for too long (causing blinking in main UI process' OpenGL Context). 

I've never looked to Chromium source code so I'm not sure if I'm right about new IPC (if it is new).

Also I mine cause graphical system in Ubuntu is X11. 

It is better to other victims of such error to reply if you are using Wayland (in case X11 do not answer to prevent flooding in thread). It is maybe related. To check which system you are using enter in terminal following command:

echo $XDG_SESSION_TYPE

 

[YinYang 0]

Issue has spread to Opera, now only usable browser is firefox

[Vrana 0]

So Opera upgraded its rendering engine as well.

Other unaffected browser is Pale Moon.

It's really necessary for ESET to see to it!

[peteyt 393]

4 hours ago, Vrana said:

So Opera upgraded its rendering engine as well.

Other unaffected browser is Pale Moon.

It's really necessary for ESET to see to it!

From what I've seen eset knows the issue and is fixing it but not for this version. Don't quote me on this as I'm unsure the details but someone did say this is a legacy product so is no longer suported

[peteyt 393]

On 1/8/2020 at 9:28 AM, Rami said:

ESET for Linux Desktop is legacy product , it's barely updated , only the modules.

but I have no problem with my Chromium and ESET, I wonder why.

https://www.eset.com/uk/home/antivirus-for-linux/

This link says 2020 version which seems to suggest it's still being updated as its being sold and advertised as new in a way which if it is legacy is odd

[Nightowl 202]

38 minutes ago, peteyt said:

https://www.eset.com/uk/home/antivirus-for-linux/

This link says 2020 version which seems to suggest it's still being updated as its being sold and advertised as new in a way which if it is legacy is odd

There should be a version coming for Linux endpoints but not for home usage , version 7

I don't know about Home editions and how much time it will take for a home edition to come or if it's planned

and about the v4 is legacy indeed because ESET already dropped V4 for Windows since a long time.

But as a scanner it does it's job , but with AppArmor denying it to enter different places , I don't know how much effective is v4 with AppArmor denying everything for it.

Edited January 13, 2020 by Rami

[YinYang 0]

Hi,

would that mean that the current Linux V4 version being sold has no support ?

I've seen this issue reported some time ago, some comment about V4 discontinued, and have seen no comment regarding solution/fix or workaround...

This is VERY worrying to what seemed to be a unique very good linux product with no rival to match or compete at this level on the market.

Best Regards.

[peteyt 393]

5 hours ago, Rami said:

There should be a version coming for Linux endpoints but not for home usage , version 7

I don't know about Home editions and how much time it will take for a home edition to come or if it's planned

and about the v4 is legacy indeed because ESET already dropped V4 for Windows since a long time.

But as a scanner it does it's job , but with AppArmor denying it to enter different places , I don't know how much effective is v4 with AppArmor denying everything for it.

The link above for the 2020 version is for the home edition which would indicate a new version has came out recently.

I don't use or have any experience in linux I just find it odd if it is legacy and no longer supported why is it being sold as a new 2020 version with nothing stating it is legacy.  Maybe this is me missing something but I just find it odd

[Nightowl 202]

11 hours ago, peteyt said:

The link above for the 2020 version is for the home edition which would indicate a new version has came out recently.

I don't use or have any experience in linux I just find it odd if it is legacy and no longer supported why is it being sold as a new 2020 version with nothing stating it is legacy.  Maybe this is me missing something but I just find it odd

It could be a marketing mistake it happens,

It's still supported but unlike Windows and MAC versions , probably because it's less used in the market compared to the other operating systems , The program updates are quite slow , but modules and updates are normal , but still you need to do some tweaks , AppArmor(Linux kernel security module) blocks ESET from accessing so many places , that will make it a little bit controlled in the areas that can be scanned , unless you are a little bit experienced with Linux and can make configuration for nod32 to be allowed in AppArmor

It's a basic scanner , as it was back in the days of v4 , It works perfect as a scanner, but has it's troubles.

Edited January 14, 2020 by Rami

[denixx 7]

Hi all!

@Marcos, please, take a look at Google Chrome Community post that is connected to this issue:

https://support.google.com/chrome/thread/17555930?hl=en&msgid=17960551

Also, mine logs are available here: https://support.google.com/chrome/thread/25526047?hl=en

 

Direct link to logs: https://www.dropbox.com/s/j6rqlinuik612nq/google_chrome_unstable_flickering_and_crash.txt?dl=0

Edited January 16, 2020 by denixx

[Miroslav N. 0]

Dear Eset,

I have probably same issue as other participants of this discussion (Ubuntu 18.04 + ESET antivirus for linux 4.0.93.0 + Chromium 79* > crashes with log messages mentioned above). I am currently using workaround with stoping the AV deamon + using snap package in VM. But these are only a temporary and problematic workarounds.

You have mentioned, that the issue will be addressed in Endpoint version. Please provide us, owners of NOD32 ANTIVIRUS FOR LINUX DESKTOP, also with an instructions how to solve this situation. I am still not sure, if you plan to address this issue also in our product, or upgrade all of us to Endpoint. Or something else. 

Kind regards and looking forward to your answer

Miroslav

[Nightowl 202]

1 hour ago, Miroslav N. said:

Dear Eset,

I have probably same issue as other participants of this discussion (Ubuntu 18.04 + ESET antivirus for linux 4.0.93.0 + Chromium 79* > crashes with log messages mentioned above). I am currently using workaround with stoping the AV deamon + using snap package in VM. But these are only a temporary and problematic workarounds.

You have mentioned, that the issue will be addressed in Endpoint version. Please provide us, owners of NOD32 ANTIVIRUS FOR LINUX DESKTOP, also with an instructions how to solve this situation. I am still not sure, if you plan to address this issue also in our product, or upgrade all of us to Endpoint. Or something else. 

Kind regards and looking forward to your answer

Miroslav

I still don't know what is different in my system that is not causing Chromium 79 to crash

[denixx 7]

5 minutes ago, Rami said:

I still don't know what is different in my system that is not causing Chromium 79 to crash

Could you please at last install Chrome v79+ from Google and stop being amazed?

Also, please follow up the Craig's post here: https://support.google.com/chrome/thread/17555930?hl=en&msgid=22484348

He says:

"Hello everyone,

We’re following up to let you know that we plan to enable the underlying feature (Renderer Code Integrity) that resulted in the previous incompatibilities with the release of Chrome M79 today."

 

Looks like it's an issue of Chrome from Google.

Not a Chromium one.

Also, I would take your attention to the fact that Chromium != Google Chrome.

check this, please

Thank you!

[Nightowl 202]

4 minutes ago, denixx said:

Could you please at last install Chrome v79+ from Google and stop being amazed?

Also, please follow up the Craig's post here: https://support.google.com/chrome/thread/17555930?hl=en&msgid=22484348

He says:

"Hello everyone,

We’re following up to let you know that we plan to enable the underlying feature (Renderer Code Integrity) that resulted in the previous incompatibilities with the release of Chrome M79 today."

 

Looks like it's an issue of Chrome from Google.

Not a Chromium one.

Also, I would take your attention to the fact that Chromium != Google Chrome.

check this, please

Thank you!

I'm not amazed , I am trying to know what the problem is and try to help with it , if you are being rude that doesn't fasten the process of fixing your problem , and no I don't need to take it from Google , I take Chromium from the Terminal which is enough and good for me

And yes it's not NASA's plans to know that Chrome is not Chromium , you are not adding anything to me , with your reply also, and Chromium and Chrome is almost the same code..

[denixx 7]

Just now, Rami said:

I'm not amazed , I am trying to know what the problem is and try to help with it , if you are being rude that doesn't fasten the process of fixing your problem , and no I don't need to take it from Google , I take Chromium from the Terminal which is enough and good for me

And yes it's not NASA's plans to know that Chrome is not Chromium , you are not adding anything to me , with your reply also, and Chromium and Chrome is almost the same code..

Sorry for pressure. My fault.

But you are just looking at wrong browser, it would not be affected at all, as I understood.

Also (not for being rude, but for numbers and talking about the same things) - the problem potentially affects more than a half of users of linux platform. The ones, who use ESET product for this platform, actually.

[Nightowl 202]

2 minutes ago, denixx said:

Sorry for pressure. My fault.

But you are just looking at wrong browser, it would not be affected at all, as I understood.

Also (not for being rude, but for numbers and talking about the same things) - the problem potentially affects more than a half of users of linux platform. The ones, who use ESET product for this platform, actually.

And ESET is not giving so much support for Desktop Edition, because it's not a priority and not much used in the marketshare. , so either you wait for a hotfix , or you just uninstall it once and for all , or simply switch Chrome to Chromium, It's amazing knowing Google is after every step of yours.

[denixx 7]

Also, please not take my words "wrong browser" as rudeness, I like FOSS.

I just meant that you would not find any issues with FOSS Chromium as it's unaffected, the Google did something in it's own product, actually.

[Nightowl 202]

59 minutes ago, denixx said:

Also, please not take my words "wrong browser" as rudeness, I like FOSS.

I just meant that you would not find any issues with FOSS Chromium as it's unaffected, the Google did something in it's own product, actually.

Lately Chrome prevented AVs from being able to inject into the browser so few months ago Chrome was requesting the user to remove ESET on Windows , it could be the same thing in Firefox , ESET is trying to do something with Chrome and causing a crash.

[denixx 7]

7 minutes ago, Rami said:

Lately Chrome prevented AVs from being able to inject into the browser so few months ago Chrome was requesting the user to remove ESET on Windows , it could be the same thing in Firefox , ESET is trying to do something with Chrome and causing a crash.

"Chrome was requesting the user to remove ESET on Windows"

Huh, thank you, quite interesting info. Could you please guide me somewhere to read about it? I mean to some official places.

As I am also using ESET Smart Security Premium on three of my Win10 machines, and wasn't affected, maybe.

I want to observe the situation.

Is this also posted somewhere in the Google Chrome Community forums?

 

//Sorry for offtopic

[Nightowl 202]

8 minutes ago, denixx said:

"Chrome was requesting the user to remove ESET on Windows"

Huh, thank you, quite interesting info. Could you please guide me somewhere to read about it? I mean to some official places.

As I am also using ESET Smart Security Premium on three of my Win10 machines, and wasn't affected, maybe.

I want to observe the situation.

Is this also posted somewhere in the Google Chrome Community forums?

 

//Sorry for offtopic

You can find that here :

I believe Google did some kind of change in Chrome that change is making problems with the legacy code of v4.

 

EDIT : Also I am sorry If I was rude or aggressive with my reply , I didn't mean that.

But you made me angry

Edited January 16, 2020 by Rami

[denixx 7]

2 minutes ago, Rami said:

You can find that here :

Thank you!

2 minutes ago, Rami said:

I believe Google did some kind of change in Chrome that change is making problems with the legacy code of v4.

Yep. They named it "Renderer Code Integrity".

I found this via search: https://9to5google.com/2019/10/29/google-chrome-78-aw-snap-crash-windows/

"With Chrome 78, Google introduced a Windows 10 specific feature called “renderer code integrity,” which is designed to prevent unsigned code from taking control of Chrome’s page rendering processes. Generally speaking, this was designed to stop most viruses from being able to change the way Chrome’s pages load."

Does it mean that, libesets_pac.so is not signed? Does it mean that simple "signaturing" of this lib will fix a problem? Is that available under linuxes? Should Google turn this feature off for linuxes?

I could see libesets_pac.so in stacktraces of chrome crashes in journalctl ( https://www.dropbox.com/s/j6rqlinuik612nq/google_chrome_unstable_flickering_and_crash.txt?dl=0 )

[denixx 7]

Interesting.

Does 

Quote

–disable-features=RendererCodeIntegrity

still work...

I would check that now.

[Nightowl 202]

It could be possible that it's not signed , because it's a legacy product and I don't think Google will pay attention to it , neither ESET did update it for the newly updated Chrome.

Our only hope is ESET. , I don't want to download Chrome and reproduce the bug because I am afraid it will make me some troubles , when troubles come to Linux , it's hell.