My main browser is Librewolf but I keep a chromium browser just in case. Previously used brave but their flatpak is shit. Ungoogled chromium seems ok but it looks like they don’t change much from upstream chromium. Any good chromium browsers which harden their browsers like librewolf does for more privacy?

  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    2
    arrow-down
    5
    ·
    edit-2
    11 months ago

    Ironically for Browser you shouldnt use Flatpaks if you trust the browser and you care about security.

    https://madaidans-insecurities.github.io/firefox-chromium.html

    What Distro are you on? I use Firefox and Brave, both as RPM now. I actually switched for convenience (keepassxc extension works, plasma extension works etc) but they are actually more secure.

    Native Chromium is poorly way more secure than Firefox. When using the Browsers through Flatpak you need to remove the sandbox, so process isolation and memory stuff is gone, and replace the specific sandbox with bubblewrap.

    Bubblewrap is good, but doesnt support isolated Tabs.

    There are CSS exploits, but to my understanding just using Noscript in “block all by default” mode is best for security AND privacy.

    I would like to like Brave, as it is more secure, but it sucks a lot. Very bloated, tab management worse, missing extensions, damn Chromium webstore and the addon not working so no updates. It is not bad, and I want to write a hardening config soon, to remove and disable all that bloat permanently.

    I would not recommend Librewolf if you are advanced. For one it is a Flatpak, ironically (didnt know this a few weeks ago too) less secure. Also it lacks behind in updates a bit, not much, but this may become a problem.

    https://github.com/trytomakeyouprivate/Arkenfox-softening

    I am working on this tool, should work, that keeps your Arkenfox config up to date and sets a few switches to soften it. So you add that to Firefox and dont need Librewolf anymore.

    On Fedora all you need is libavcodec-freworld from rpmfusion to get everything working. But ublue.it images work best out of the box.

    Edit

    Why are you downvoting this? Doesnt it fit your opinion? I also dont like Chromium, but its more secure. I also didnt know that Flatpak browsers are less secure, but thats a fact.

      • Pantherina@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        11 months ago

        I mean sandboxes are just pretty complex. Chromium relies on user namespaces for process isolation. Flatpak browsers are isolated but have no internal isolation of processes (one tab could attack another tab). At the same time the Flatpak sandbox itself relies on user namespaces, while the flatpakked browser cannot use the namespaces internally.

        Then there is the hardened kernel which disables user namespaces for security reasons, on the other hand people say running the Sandbox as suid means if there is a vulnerability processes get root access.

        Flatpak browsers put less trust in the code, but more in the maintainer that has to keep them as updated as possible.

        Its complex as fuck