This is probably not the update you want.
Let me be clear, it does fix the security vulnerabilities in this list:
CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21117 CVE-2021-21128
But it will not behave like Google Chrome does.
Google has announced that it is cutting off access to the Sync and "other Google Exclusive" APIs from all builds except Google Chrome. This will make the Fedora Chromium build significantly less functional (along with every other distro packaged Chromium). It is noteworthy that Google gave the builders of distribution Chromium packages these access rights back in 2013 via API keys, specifically so that we could have open source builds of Chromium with (near) feature parity to Chrome. And now they're taking it away. The reasoning given for this change? Google does not want users to be able to "access their personal Chrome Sync data (such as bookmarks) ... with a non-Google, Chromium-based browser." They're not closing a security hole, they're just requiring that everyone use Chrome.
Or to put it bluntly, they do not want you to access their Google API functionality without using proprietary software (Google Chrome). There is no good reason for Google to do this, other than to force people to use Chrome.
I gave a lot of thought to whether I wanted to continue to maintain the Chromium package in Fedora, given that many (most?) users will be confused/annoyed when API functionality like sync and geolocation stops working for no good reason. Ultimately, I decided to continue for now, because there were at least some users who didn't mind, and if I stopped, someone else would start over and run blindly into this problem.
I would say that you might want to reconsider whether you want to use Chromium or not. If you want the full "Google" experience, you can run the proprietary Chrome. If you want to use a FOSS browser that isn't hobbled, there is a Firefox package in Fedora.
Oh, last, but not least, Google isn't shutting off the API access until March 15, 2021, but I have gone ahead and disabled it starting with this update. I'd rather you read about it here (even though most users will never see this) than have it just happen.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-b7cc24375bPlease log in to add feedback.
This update has been submitted for testing by spot.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
I'll always prefer chromium over chrome. Thank you for your work.
Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!
Honestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.