Security? (Chromium versus Firefox)

Discussion in 'other software & services' started by bellgamin, Mar 12, 2023.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am in process of deciding between Chromium & Firefox. In your opinion, which of these 2 browsers is more secure? Or is it a toss-up?
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Probably Chromium (if is not totally outdated), but Firefox is secure enough for me
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    same secure*, dont mind which one you want to use at least.

    * because firefox uses its own (strong) certification store it is much easier when pages with ssl issues are sorted out much faster.

    Concerning chromium instead chrome - chromium is compiled by voluntaries. there exist no official build except the daily builds from "authors" which ofc have limitations (eg no sync). so i consider chromium not that secure as chrome.

    concerning chromium updates i have no clue how it functions if available. chromium got into background here since i use edge for rare cases with sync enabled.

    concerning extensions chrome/chromium are definitely less secure than firefox. the chrome store keeps extensions that have been sorted out due tracking/spying or hidden ads on mozilla addons (AMO). Example is the bunch of FVD extensions. even the author of S3 extensions (translator, downloader) has tried it and was close to permanent ban.

    usability - there are small differences but at least all behave same, use same clicking, shortcuts etc. firefox is more versatile for moving its elements around the bars where edge/chrome can not.
     
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    In which Operating System?
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    from my personal view - does not matter.
     
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    It does matter because:
    1) sandboxes are implemented on OS-specific features, which influences it's design
    2) in many cases new chromium versions on Gnu/Linux are build by distribution developers, which determines how fast security fixes are rolled out

    Anyway Google releases official Chrome for Linux too, so it may be most secure Linux browser, especially out of box
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Hi Bellgaimin,

    assuming you are still running Linux, Chrome is probably more secure because it utilizes Linux sandboxing.

    https://chromium.googlesource.com/chromium/src/+/main/docs/linux/sandboxing.md

    When entering chrome://sandbox in the address bar:

    Chrome Linux sandbox.png

    The seccomp-BPF sandbox is the main and most important sandbox which shelters the kernel from malicious userspace code.

    That said, you will be perfectly safe and fine using Firefox in Linux as well, especially if you keep it up to date and utilize a good content blocker such as uBlockO. I use Firefox primarily in Linux, and I also have Chrome-Stable and MS Edge installed as well.

    All three are confined with Apparmor profiles, although this latter security measure is essentially overkill for a home user utilizing common sense browsing, but I use it because it's fun and a kind of hobby. From what I've been reading over the years, it seems that browser plugins and extensions are more of a security concern than the browser itself.
     
    Last edited: Mar 12, 2023
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    From what I understood, Chromium is probably a bit safer than Firefox on Windows, when it comes to protecting against zero days. But I wouldn't be too worried about it, since you should always use some type of anti-exploit software anyways.
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    This is hard to tell. Firefox has considerably improved its sandboxing and has introduced process isolation as while ago. So the differences between both browsers are probably not significant. But even if the Chromium sandboxing is still a bit superior, Firefox offers two other advantages:

    1. Parts of its code is written in Rust. And while it's true that it is only about 10% of the whole code, it's a very crucial part - namely the rendering engine (WebRender). Both Google and Microsoft confirmed in their research that about 70% of all vulnerabilities are caused by memory-related errors - and these are exactly the errors prevented by Rust. This is not available in Chromium (-based browsers).
    2. Only Firefox offers recommended add-ons which are "curated extensions that meet the highest standards of security, functionality, and user experience. Firefox staff thoroughly evaluate each extension before it receives Recommended status." This manual vetting (on top of the automatic checks) is not only done when such an add-on is newly added to AMO but also for every update. That's why, e.g., a new version of uBlock Origin is not immediately available in AMO. If you stick with those recommended extensions you're much safer.
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    to #8 - maybe.
    i noticed this for firefox (or "iceweasel") when its not created by mozilla.
    thats why its recommended to use the original from mozilla to get security updates as fast as possible, either as package or snap.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes good points, so if I understood correctly, Firefox should have less ''remote code execution'' holes and there should be less shady extensions available for Firefox, at least in theory.
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    What did you noticed?
    Back in the day Canonical pushed just as fast as as current Snap by Mozilla.
    And I was refereing more to chromium with this comment about updates
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    same reason - updates are performed through some author or package and not all time performed. for firefox, or for chromium. (iceweasel is debian concerned.) could be fatal when the vulnerability is high rated.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Linux Zorin
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    I would prefer Firefox.
    But the person who recommended Chromium to you is not wrong either.
    Probably the best strategy is to install both and choose the one that best suits your personality.
     
  16. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Peronsally I could care less which browser is the most secure and more about which browser works the best on my computer and has the most features I want/need.
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Many thanks for those links -- very very informative!!! I never knew Chromium had a sandbox. And YES, I am still running Linux -- & loving it. :-*
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    @summerheat -- I also didn't know that Firefox has a sandbox. Is there any recent write-up on this? The most recent article I could find was THIS one, by Sophos -- and it's for FF version 95.0 whereas the latest for my Linux computer is 110.0.1.

    It's a revelation (to me, at least) that FF uses Rust for part of its programming routines -- that's a really great asset for FF. I wonder if Chromium can measure up to FF, given that some 10% of FF's code in a more bullet-proof type of coding?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    @ everyone -- HERE is the scoop that I googled on RUST. Very interesting!!!

    BTW, I thought this thread would just give me a few opinions & not much else. Instead, it has turned into a very informative and (for me, at least) a wonderfully educational thread. I have found NOwhere else than can come close to matching Wilders when it comes down to:
    1- Meaty, informative security discussions...
    WITHOUT
    2- Turning into mud-slinging contests &/or off-topic ramblings.
     
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    hi
    firefox for me , about chrome there so many extensions not very well controlled
    Google does detect many extensions dangerous even 1 year later
    without extensions , the most updated
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I use only 3: uBlock Origin, Decentraleyes, & AVG Online Security.
     
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    You can see the used sandboxing technologies by executing about:support . Close at the bottom of that site you can see, e.g., seccomp-bpf, user-namespaces and some more.

    The Mozilla article is https://wiki.mozilla.org/Security/Sandbox. Unfortunately, it's not quite up-to-date, the last update was in Aug. 2020. Here's an article about site isolation (the so-called Fission project), here's an update.

    That's about RLBox which is an additional sandbox introduced for some shared libraries. More of them are being included. But the general security architecture is very similar (and derived from) the one in Chrome and is detailed in the first article above.

    The latest percentages of the various programming languages used in Firefox can be seen here. Google is said to be planning to implement Rust in Chrome but it's not easy to rewrite large parts of the code (which is completely in C++). For Firefox, the major work was done in the Servo project which took years and resulted in a complete rewrite of the rendering engine.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Wow, and there it is running under Linux...

    Firefox sandbox-Linux.png

    Thanks for this, summerheat! There you go @bellgamin , Firefox does have its own sandbox as well :thumb:
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    A sandbox PLUS Rust -- FF carries the day -- well, sorta. I still can't find an adequate bookmarks manager among FF's available extensions. I use bookmarks a lot, so an efficient bookmarks drop-down menu-maker is a must for me. Chromium has a superb one.
     
  23. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    You're welcome. :)
    You also see "GPU Process Sandbox Level" at 0 at the bottom. I think it's only relevant for Windows at the moment (although I've manually changed it to 1). On the other hand this article says at the bottom:

     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Ctrl-Shift-O opens the bookmarks manager. Is that what you're looking for?

    EDIT: You can also modify Firefox's appearance by right-clicking the toolbar at the top and chosing "Customize toolbar". Then you can drag your favourite items (among them the Bookmarks Menu) to the toolbar. Much more flexible than every Chromium-based browser.
     
    Last edited: Mar 13, 2023
  25. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Very true, even when using an updated browser.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.