I may be wrong, please don't crucify me, correct me gently
I thought Chromium-based browsers, from the standpoint of pure security, are quite secure.
I am not talking of being private. Some may argue if there is no privacy, there is no security. But I guess depending on each individual threat model, the relation between the two may vary quite much.
I try not to take for granted a statement that has nothing to back it up (even if I have no reason to disagree with it in principle). So I did a bit of poking around and it would seem researchers take issue with Firefox's lack of decent site isolation / sandboxing. There are other issues too, but that one seems to be the dominant one.
Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.
On Linux, content processes can access X11, PulseAudio, etc., which are known sandbox-escape vectors.
On Android, there's no usage of isolatedProcess for the renderer.
Chromium stands out for its rigorous sandbox, advanced site isolation, and continuous exploit mitigations.
Ultimately, if raw exploit resistance is your goal, a hardened Chromium variant, like Vanadium on GrapheneOS or Trivalent on desktop Linux, provides some of the best defenses available today.
Firefox's sandboxing on other platforms, such as Linux, is significantly worse. The restrictions are generally quite permissive, and it is even susceptible to various trivial sandbox escape vulnerabilities that span back years, as well as exposing sizable attack surface from within the sandbox.
Exploit mitigations eliminate entire classes of common vulnerabilities / exploit techniques to prevent or severely hinder exploitation. Firefox lacks many important mitigations, while Chromium generally excels in this area.
As with the sandboxing, there are many more issues than the ones listed below, but this article does not attempt to be an exhaustive list. Readers can look through Mozilla's own bug tracker for further examples.
Thanks for your post detailing much more what I alluded to before!
The issue most often is that people conflate the two concepts of privacy and security. As also was seen some posts further up.
It may come as a surprise to many that the family of Chromium browsers are pretty secure. But are they private? Well, some market themselves as such, the likes of Brave and Vivaldi, and I am sure to some extent they are. Some not all. Login with your Google account into Chrome and let Alphabet own you.
Another example that contrasts clearly the concepts of security and privacy is, lo and behold, ChromeOS.
ChromeOS, I daresay, is one of the most secure operating systems in the market. But is it private? Err… did you say what?
This is spot on. People tend to think they are the same or go hand in hand when the reality is they often are opposite of each other. The main issue is People don't understand the basic difference, the way I learned was a Professor told me to think of Privacy as "I" and security as "WE"
Group security removes Individual Privacy. In order to protect the group "children" we must see YOUR Id. (think alcohol in US)
Each should understand the Software and its License they choose to use.
I'd place Chrome and Firefox in a similar category with respect to privacy. Their derivatives are a different matter, as many seek to enhance privacy, and there are a few that do a decent job of it, I believe.
This study, albeit some years old now, cast Chrome, Firefox, Edge and Safari in a similar light. The fifth browser tested stands quite apart.
Our aim is to assess the privacy risks associated with this data exchange between a browser and its associated Google, Apple, Mozilla etc servers during general web browsing.
Chrome, Firefox, Safari and Edge all share details of web pages visited with backend servers. Additionally, Chrome, Firefox and Edge all share long-lived identifiers that can be used to link connections together and so potentially allow tracking over time. In the case of Edge these are device and hardware identifiers that are hard/impossible for users to change. On mobile devices, but not desktop devices, Firefox also shares device identifiers.
A similar report was concluded here, to reference Kuketz again. It likewise lumps Firefox in with behaviour consistent with Chrome and Edge.
With those reports, I acknowledge time has passed since they were conducted. If nothing else, they offer some near historical context.
Differentiating between security and privacy is of course a valid point too, and you prompted me to think on it since you raised the thought earlier @cactux. I'm not quite sure what it is you're alluding to though.
You are right. Out of the box, Firefox cannot pride itself of being a privacy browser. However, contrary to the browsers from the clan of Chromium, it gives the users the freedom to tweak and harden it to such a degree that it can do a decent job on the privacy as well. The same cannot be said about Chromium/Chrome. So I would place it in the category of "with good potential for privacy".
No, nothing special. Only that Chromium (based) browsers were pretty secure. In reaction to a statement further above that some of these browsers were excluded from a study since they are "per definition not secure".
Why would Vivaldi not fit in a secure and privacy based browser? They have eliminated all the calls to Google servers from their code base.
Among all the browsers Chromium based browsers are considered the best secure browsers out there. Don't even get me started on MS Edge which is based on another big ad company, i.e. Microsoft. Moreover I get the sense that Edge is going to be Microsoft's attempt to embrace and extinguish Chromium and Chrome. Till now they were up against a formidable opponent in terms of Google. But they might not have to worry about Google soon enough thanks to Biden and DoJ.
I think every Linux distribution and MacOS should just copy Windows and install Edge as their default web-browser and make it so that you can't remove it without breaking the os
Although it starts getting on my nerves these past years, with all that feature creep, ever more becoming a resource hog, and tending to paternalism. Darn, if I type in a http:// address I mean it, and don't want to be forced to https://. Or horribly bad translations.
Plus, I have to keep a copy of Chromium, for all these modern firmware-flashing websites. Or such that only work correctly on Chromium-based browsers. Starts reminding me of the days when almost every website had that note "Best viewed in Internet Exploder at 1024x768 pixels"…
On the LibreWolf vs. Firefox debate, I think LibreWolf is the better pick for privacy. Sure, you can tweak Firefox with about:config, a user.js file like Arkenfox, and extensions like uBlock Origin to get close. But LibreWolf takes it further with changes you can't just configure in Firefox, like fully removing telemetry, stripping out DRM, cutting sponsored content, and dropping server connections. You'd need to mess with Firefox's source code to match that, which isn't practical unless you're building your own version. One thing to note, LibreWolf's letterboxing for fingerprinting protection might make it stand out a bit since it's niche, while Firefox needs Resist Fingerprinting turned on for something similar. For Linux folks who want a privacy-first Firefox-based browser, LibreWolf is tough to beat.
As for Brave, I don't get the hate it gets for so-called "bloat" like the crypto wallet or Brave Rewards. Those features are optional, and you can turn them off in settings. Done deal. Brave is open source, runs on Chromium, and comes with strong privacy features right out of the gate. It's a great fit for Linux users who value transparency. Compare that to Vivaldi, which is only partly open source since its UI layer is proprietary. No matter how many cool features Vivaldi has, that lack of full openness is a no-go for me and probably a lot of other Linux users. Brave's transparency wins out.
Then there's Ungoogled-Chromium, which is awesome if you want something minimalist. It cuts out Google's services and telemetry, keeping things simple and private. The trade-off is you miss out on features like sync and some of Brave's extras. If you're okay with that, Ungoogled-Chromium is a solid choice.
For Linux users who live and breathe open source and privacy, I'd say LibreWolf is the way to go for Firefox-based browsing. On the Chromium side, it's Brave for a good mix of features and privacy, or Ungoogled-Chromium if you prefer bare-bones. Vivaldi just doesn't cut it with its semi-proprietary setup. Open source and transparency matter more than fancy visuals.
Brave: The privacy-oriented browser with a business model that includes tracking you.
Not to mention its timeline of events like inserting its own links/redirections, or encouraging users to lessen their kernel security in order for it to run, etc etc.
But for some reason folks are bound to be defensive over their original choices, no matter how uninformed, rather than admit they were victims of marketing.
Everyone is still free to use whatever it is they want .. but it seems pointing out flaws in corporate products tends to generate a certain backlash. C'est la vie.
Also .. as to OP … this is decidedly the silliest way to conduct a poll on discourse.