Technical security of Firefox vs Chromium

Continuing the discussion from Is the Tor browser safe?:

Side note on the Firefox vs Chromium security debate:

Is Chromium more secure than Firefox on a technical level? From what I understand, yes it is.

Is Firefox unreasonably insecure for most people? I don’t think so. If these were cars and one had a crash safety rating of 5 stars while the other had 4 stars, I don’t think we would call the second car unsafe in the event of a crash. At that point you may also want to pair that with other features and benefits you’re looking for, like who makes the project and whether having a different web engine is important - whatever else you’re looking for from a browser as a tool/product.

Is this a factor to consider? Absolutely, and I don’t think folks should feel bad for picking Brave or Chromium for this reason. However, I think that the difference in day-to-day scenarios is negligible for most people. In my non-technical opinion, I think Firefox is even secure enough for security and privacy conscious people.

But if you want the most secure browser, yeah, I think it’s Chromium in part because of its sandboxing.

3 Likes

All we need to answer the security question: Firefox and Chromium | Madaidan's Insecurities

Honestly Firefox kinda sucks, use stock Chromium (not ungoogled, also not on Fedora, as some security features like CFI might not be working) if you want security and disable the few bad Google things about it.

As we already see with Manifest V3: Google is not afraid of radically changing its browser to benefit them. We need to keep at least one other option to Chrom(e/ium) alive at all costs.
Competition brings greatness, and we are on the verge of Google literally owning the internet.

Decide for yourself whether the ethics or slight security benefit are more important to you.

3 Likes

But this is not related to the topic of Technical security.

Yes it is. - No FOSS browser means trusting Google to keep you and your browsing safe, means it won’t be audited independently, and innovation in all aspects will decrease.

1 Like

Please note FOSS doesn’t equal more Security or better code quality.

https://source.chromium.org/chromium you wanna audit it right now? Here you are, everything you need.

Your argument doesn’t make sense as Chromium is FOSS.

In a lot of cases the complete opposite. While FOSS allows you to look at code, it doesn’t mean that the person producing code knows how to code well.
This is not about FOSS itself, rather the philosophy of the FSF, but only FOSS is also horrible for your security. Let’s simply look at firmware and you should know why we currently require proprietary software for our security.

Sorry, I assumed you would have read this comment of mine, but it’s in another thread.

Quote:

If Tor relied on Chrome, or Chromium, and Firefox were to be discontinued, Google would wait a few months and cancel Chromium as well, leaving us with no private and secure browser at all. New Chrome security vulnerabilities would be found, and Tor would be unsafe.

imo Tor is a crucial part in keeping Firefox alive.
I do not dislike Chromium, or like Mozilla. This is just that in this case, ideology is a make or break deal. Google has a firm grip on Chromium’s throat already, and if we aren’t careful we are left with nothing.

Links or PaleMoon are no viable replacement for FF either.

Haven’t seen this reply and didn’t know you were talking about this.
While I personally disagree with the statement that Google would discontinue/cancel Chromium, I agree with the part that Tor is helping Firefox to survive. Simply based on this here Partnering with Mozilla | The Tor Project

Yes, Google controls Chromium (and a lot of other things) and from that POV we should support Mozilla. But that is morals (most people don’t even care about this), not the security based on the source code. In this regard, Chromium simply is the best (and even Chromium kinda sucks with the amount of CVEs patched every release).

What we also shouldn’t forget is that for most people, this doesn’t even matter that much (simply talking about privacy; that Chromium offers better protection against e.g. Retbleed is something that matters for everyone) as they already give their life to Google, Meta and so on.

Google does not benefit from a FOSS browser, and just tries to poison the FOSS browser environment imo.

If they did kill Chromium and FF was not a thing, you too would have to agree that Brave and all other Chromium derived browsers would have to be discontinued.
Manifest V3 is bad enough as it is, but the last thing we need is to not even have an alternative.

I disagree, they benefit from Chromium being FOSS. At least currently, as this ensures a bigger market share (web engine) and therefore a monopoly/being able to add whatever they want and FF having to adapt to the new Chromium features.

We do not know what would happen if FF died, but I doubt that it would be the end of Chromium being FOSS. Hence if Google disliked the Chromium based browsers, they could simply abandon Chromium right now.

Google maintains Chromium as they want Blink and not webkit2 to be the dominant web engine. Google also benefits from other people developing Chromium.
Google probably will continue having Chromium FOSS the same way Android is FOSS. They might make some features not usable if you’re not on Chrome (like the add-on store), but probably won’t kill Chromium being FOSS if FF died.

This reason you mention is basically the philosophical reason people want to stick with Firefox. Google has a gargantuan amount of influence over the open web through its browser, and Firefox with its own unique web engine is one of the only other browsers resisting that control. When you take that idea with the fact that Firefox isn’t that much worse in security and can be made more private than Brave, you get a reasonable product that helps to keep a Big Tech company from monopolizing what many consider to be a public utility at this point.

Also, from what I understand Google is the only company that’s really contributing to and maintaining Chromium so they still have the most control. Microsoft entering the fray through Edge does make me feel better because there’s at least another Big Tech company that can put their thumb on the scale if needed to counter-balance some of Google’s ideas. Even so, both parties would be interested in a more closed internet where services have to be provided through their own products. Microsoft is incentivized to keep things open enough to make room for themselves.


Man, it’s a big can of worms that I can’t even fully dissect, lol. I think we all agree that Chromium is the more secure browser. I would argue that Firefox is not that far behind for most people, including the privacy community. Because security is so close in my opinion, there’s enough room to consider other factors for which browser you want to use. Basically, use Chromium, Brave, or Firefox and you’re good. Deciding between those three is up to the values and tradeoffs you bring to the table.

So not security, which is why I said from the beginning “this is not related to Technical security”.
Yes, you should use an FF-based browser, or FF itself, if you’re fine with the lack of security (hence even I try to use Firefox with disabled JS simply because I do not want to solely support Chromium).