your web broswer Chromium choice

Discussion in 'polls' started by mantra, Jan 10, 2016.

?

your web broswer Chromium choice

  1. Chome

    42 vote(s)
    60.0%
  2. Chromium

    8 vote(s)
    11.4%
  3. Opera

    7 vote(s)
    10.0%
  4. SRWare Iron

    0 vote(s)
    0.0%
  5. Tor Browser

    0 vote(s)
    0.0%
  6. OperaTor

    0 vote(s)
    0.0%
  7. Slimjet

    4 vote(s)
    5.7%
  8. others

    9 vote(s)
    12.9%
  1. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,038
    Regular updates are all well and good for "known" security issues but there wil always be unknown issues so browsers are never truly secure so i dont understand this constant need to have the latest security patches in a browser.Let us not forget that chromium and chrome are major "privacy" issues in themselves.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,594
    Location:
    Slovenia, EU
    @The Red Moon
    Chromium also has privacy issues? Which issues? There was one bad release, but I didn't hear about other issues.
     
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,038
    In regard to the hotword module but i see google has removed it entirely.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,594
    Location:
    Slovenia, EU
    Yes, I thought it was that incident but I wasn't sure.
     
  5. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,038
    at least google are transparent about what data they collect etc.
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,432
    A browser with the latest known security issues patched will more secure than one without them patched.
     
  7. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    So when do you know when a patched Chrome is patched in Chromium? Or perhaps it's the other way around?
    Is it secure/safe to use Chromium, if so, how often do you need to update it?
    I'm downloading 64bit builds from woolyss and I think they recommend updating it once a month.
     
  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I know this question was not directed toward me, but I hope it doesn't bother anyone if I share my suggestions. Those are good questions and I am very curious about this as well since I primarily use vanilla Chromium builds as well.

    Generally, Chromium is patched ahead of Chrome. That is where the Google developers work directly from. Google Chrome takes that Chromium source code and adds their own patches which are mostly branding and API related. If you wanted to know if specific security related bugs are fixed within certain builds, you will find everything that you need here: (https://code.google.com/p/chromium/issues/list) Another useful resource here would be OmahaProxy CSV Viewer (http://omahaproxy.appspot.com/) where you can cross reference different builds, release dates, and much much more.
    Personally, I would recommend chrlauncher (http://www.henrypp.org/product/chrlauncher) which is linked off of Woolyss' site as well which is portable and gives you the option of starting local or portable versions of Chromium. You can also specify in the configuration file whether you want to update the Chromium build every X amount of days (7 days, 30 days, whatever you choose). It uses the same resources/builds that Woolyss' site downloads from.

    Updating Chromium once per month might be alright, but I typically update every week. I suppose the more important thing is updating the Flash PPAPI version often if you are using that. But I usually update Chromium once per week and if I get a buggy build, I often roll back the build to a few days prior.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Yandex, unlike most Chrome derivates, it uses its own sync service. Compatible with Chrome and Opera extensions.
    It has all Chrome security advantages, uses Kaspersky scanner to scan downloaded files and Sophos webpage filter.
    Unfortunately its auto-updater sucks big time and Yandex is always a few months behind Chromium stable release.
     
  10. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Thank you WildByDesign for the input and valuable links. I'm sure anyone is free to reply/comment on any posts if they'd like ^^

    When you say Google devs work directly based on Chromium, these are bugs not security bugs per se and not related to the Google bug bounty program, as far as I can see looking at the link you posted -
    the bugs seem not be security related at all.
    I'm more concerned about the 0 days that Google discovers and patches (via their bug bounty program) and I'm not sure if these patches implemented into Chromium.
    Or did I miss something..?

    Thanks for the tip regarding automated updates. I don't mind updating it manually though, since it's a matter of unzipping the compressed content but it's good to know there's
    a neat solution to this. Btw, Chromium 64bit version hasn't been updated for 1 month, due to compilation failures. The chrlauncher doesn't change this fact right?
     
  11. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes, you did miss something. Chrome is Chromium. Google developers work on Chromium. They then take Chromium, add a bunch of extras (like flash player) into a package, and release it as Chrome.
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    That's correct, chrlauncher would also be affected by the current failure with those 64-bit builds. I don't know what's going on with that, but those builds have been failing since before Christmas.
     
  13. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    That part I already know. But it isn't clear to me if : When a security bug is discovered in Chrome (e.g. via their bug bounty program), it's actually discovered in Chromium. And when Google patches the 0-days, the patches are readily available for Chromium since it's Chromium they're actually patching? If a security bug is found and patched in current Chrome version 47.xx, which Chromium version does the patching occur?
     
  14. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Yes that's a pity. Quite unusual there's no solution after 1 month.
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You still don't seem to understand. Nothing is changed in Chrome (with the exception of things like Flash) without first being changed in Chromium. Chrome is not open source, Chromium is, that is what is worked and hacked on.

    I think you're getting confused because you're viewing compiled versions of Chromium as some form of indicator that Chromium is patched. If you want to know when Chromium is patched, look at the Chromium code repository, don't look for compiled versions of Chromium.
     
  16. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Ok, thanks for the explanation. I think I got it this time.
    So one could conclude that Chrome is actually more secure because the compiled Chromium may be delayed for various reason(s).
    The recent Chrome update that gave us version 48.x. with several security patches has not yet been compiled yet for Chromium.
    Or not since Dec 20 for the 64 bit version.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    I see Tor Browser on the list. When did Tor start using Chrome for it's browser? It was always Firefox in the past when I used it. Is there more than one Tor Browser?
     
  18. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    284
  19. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    404
    Location:
    USA
    I've been testing Slimjet lately and find it works better with certain sites than either Chrome or Chromium. The latest version is Version 7.0.5.0 (based on Chromium 47.0.2526.73) and it scored 16/17 at Browserscope security tests.
     
  20. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,181
    Location:
    Home on the range.
    Only because Firefox (witch I liked better) does not work well with Adobe dependent games. I do not like the clear options in Chrome and wish they were better and more like Firefox.

    Always,
    Wildman
     
  21. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,322
    I'm not sure about that.

    My take is this: a particular Chromium build is selected and converted by Google to Google Chrome. That particular selected Chromium build gets no more attention. All focus is then on Canary, dev, beta and stable as and when one is converted to the next. Patches will be applied, as appropriate, to Canary, dev, beta or stable. Here too, once Canary is converted to dev, all modifications are made to dev and not to the Canary from which dev was derived and so on.
     
  22. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Ok, so it means whenever Google pushes out a patch for a 0-day, I should stop using the current Chromium and use the next (e.g. stable) version that hopefully has received the same patch.
    Question is when does the patch appear in Chromium stable?
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,007
  24. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,322
    First, many times, browser developers don't disclose vulnerabilities they've patched. Here's an example
    From http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html

    Second, I'm not aware of anything being called "Chromium stable" at least by the Chromium developers.

    You may be interested in this: https://sites.google.com/a/chromium.org/dev/Home/chromium-security
     
    Last edited: Feb 10, 2016
  25. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517

    From the link :

    "security bugs automatically become publicly visible 14 weeks after they are fixed"

    So it's virtually impossible to know if a Chrome patch has reached a specific Chromium version?
    In other words, and if the reasoning I'm making is correct, Chrome is more secure than Chromium unless you know exactly which Chromium version that got the Chrome patch?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.