It's old news already, but I'd like to see them here for completeness.
Update to
5.1.2 (amongst other changes) deletes NPAPI plugin
/usr/lib/libkindleplugin.so, symlink
/usrl/lib/browser/plugins/libkindleplugin.so and directory
/usr/lib/browser, thus eliminating possible remote attack vector.
I didn't update to
5.1.2 yet, so I can't confirm, whether setting of LIPC property of
com.lab126.system still allow executing of arbitrary shell code. Anybody willing to check? (Anyway, it's a minor nuisance, as without browser plugin there is no more obvious remote access to KT.)
BTW, owners of Ubisoft games with Uplay, beware:
installation procedure creates a browser plugin for it's accompanying uplay launcher, which grants
unexpectedly wide access to websites.