brave-browser VS chromium

Brave (wallet) Changelog

Facebook can track you then if your using Google Chrome. Switch to Brave ASAP

Brave Github repository

You can suggest Brave team by either going onto community or on github page.

Here is link number 1 - Previous text "bug"

It's a bug on all chromium browsers, unfortunately. Hopefully it'll be fixed soon.

What do you mean, source!? That's public knowledge. Just look up their github (https://github.com/chromium/chromium)...?

I heard Debian has issues with outdated browser versions, but it never occurred to me that Pop!_OS 21.10 has the same issue. Checking with apt, I noticed I was running a browser version from Jun 19, 2020, more then 1.5 years old: - sudo apt install chromium - chromium is already the newest version (83.0.4103.116-3.1pop2~20.10). - Version 83.0.4103.116 (Developer Build) built on Debian bullseye/sid, running on Debian 11.0 (64-bit) - https://github.com/chromium/chromium/releases/tag/83.0.4103.116

Chrome is open source: https://github.com/chromium/chromium/tree/main/components/password_manager

Certificate transparency effectively solves this because certain browsers (currently only Safari and Chrome) require all new certificates be submitted to multiple certificate transparency lists - if it encounters a certificate that isnt, it’ll show a warning page before establishing the TLS session. More info[0].

Of course, if the country wants to intercept, they still can by intercepting all traffic with their own (non-existing-CA) certificate - Kazakhstan tried this and asked all their citizens to install it if they wanted internet[1], but it shows that these efforts won’t go unnoticed and browser developers might fight back against government surveillance.

0: https://chromium.googlesource.com/chromium/src/+/refs/heads/...

1: https://news.ycombinator.com/item?id=25324951

well, while I definitely block ads as well (when I don't reverse engineer them), this directive does have a good reason. It means:

"Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them".

If it was absent, when user clicks the ad and it opens a new tab of the advertiser website, it would inherit the sandbox directives from the safeframe, which might break it. To be clear "sandbox" in this context refers to the iframe sandbox[0], not to be confused with the renderer process sandbox[1].

[0]: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/if...

[1]: https://chromium.googlesource.com/chromium/src/+/refs/heads/...

Ah yes you're right, this is old code written as recently way back... 21 hours ago https://github.com/chromium/chromium/commit/a756e0e0c8a2505d...

"old" and "nobody" are gaining fascinating new meanings, today

Chronium open source project can be found here.

> Isn't that always true for any Firefox version?

No, it has not been that way. For a long time Google Chrome was the only browser that had sandboxing by using separate processes for each tab (essentially).

See: https://www.google.com/googlebooks/chrome/small_04.html

For a long time, Firefox did not isolate different different websites in different processes. Today, Firefox has something similar to process sandboxing afaik but it took them some time to do it because their browser has a very old codebase and it took time for them to disentangle everything to provide this feature.

See: https://hacks.mozilla.org/2021/05/introducing-firefox-new-si...

Over the years, Chrome's sandbox has not stood still. It has become more and more sophisticated with various other features added (e.g. sandboxing in Linux using BPF -- e.g. https://chromium.googlesource.com/chromium/src/+/0e94f26e8/d... ).

So it would be interesting for someone to have a comparison between the two today.

However, with RLBox, Firefox has added a very powerful sandboxing technology that goes beyond process isolation.

Its quite impressive and I do think that Firefox can now have grounds to argue that it's more secure than Chrome.