Reproducible, plausibly dangerous, and not mentioned in the "install" section of the man page.
Sure, if one knows that canonical-published snaps can trigger installation of 3rd-party-published snaps despite specifically disabling the system-wide "APT::Install-Recommends" setting, one can act accordingly. But how would users even learn that snap, when solely instructed to install a non-privileged browser, also decides to enable a privileged network daemon? One that certainly has a high risk of exposing additional RCE bugs, the threat level of which in the snap scenario is however not obvious from documentation like https://ubuntu.com/security/cves?q=&package=cups -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2017447 Title: chromium installs cupsd snap To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2017447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs