Google Chrome 105 fixes 24 security issues

Martin Brinkmann
Aug 31, 2022
Google Chrome
|
36

Google released Chrome 105 to the Stable channel for Linux, Mac and Windows today. The new version of Chrome fixes 24 different security issues in the browser, including one that is rated critical and eight vulnerabilities rated high.

google chrome 105

Updates are also available for Chrome's Extended Stable channel and for Chrome Stable for Android. As always, updates will roll out automatically to most devices Chrome is installed on.

Chrome users who want to expedite the updating process may load chrome://settings/help in the browser's address bar to run a manual check for updates; this works only on desktop systems and not on Android.

ADVERTISEMENT

Google Chrome should pick up the new version at this point and install it. The page displays the current version as well.

Chrome 105

Chrome 105 is another update that makes most of its changes in the background. It is a security update first and foremost. Google notes on the official Chrome Releases blog that 24 different security issues are addressed in the update.

One of the issues is rated critical, the highest rating. Google makes no mention of exploits in the wild, which reduces the urgency of updating to the new version somewhat.

Chrome's Platform Status website lists 25 features for version 105 Stable. While that may sound exciting, most introduce new API capabilities or make behind the scenes changes to the browser. In fact, if you are not a developer, you may encounter no visible changes or new features at all.

Google highlights the changes for developers on its Developer blog. There, the company notes, that developers may now use the new Sanitizer API to "help reduce cross site scripting vulnerabilities", container queries, and that additional steps have been taken to deprecate WebSQL.

To sum it up: if you have Chrome installed, you may want to upgrade the browser to the new version as soon as possible to protect it from attacks that exploit the recently patched security vulnerabilities.

Now You: do you have Chrome installed on your devices?

Summary
Google Chrome 105 fixes 24 security issues
Article Name
Google Chrome 105 fixes 24 security issues
Description
Chrome 105 fixes 24 different security issues in the browser, including one that is rated critical and eight vulnerabilities rated high.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Iron Heart said on August 31, 2022 at 8:38 am
    Reply

    I‘ll brace myself for the same *smart people* writing their usual nonsense again.

    1. Yash said on September 1, 2022 at 7:25 am
      Reply

      One started it already.

      1. might as well use flash said on September 1, 2022 at 8:33 am
        Reply

        just another day at the chromium security office – everyday is security patch day

  2. GNU Linux Sophistication said on August 31, 2022 at 9:34 am
    Reply

    > do you have Chrome installed on your devices?

    No and why should i install an insecure browser like the chrome browser? chromium based browsers have terrible security and privacy and google writes the code along with M$ having the most commits to the chromium project. The chromium codebase is as big as an OS, the bigger it gets, the more bugs it gets. An absolute monstrosity of a browser engine developed by an ad-tech company google and greedy M$. A disgusting combination of greedy big tech.

    Chromes popularity has made the chromium codebase insecure.

    Attackers/cybercriminals go for the most popular target. The chromium browser engine is a total disaster. It is said that 2021 was a record year for the number of zero-day flaws in Chrome, read about Google Project Zero’s zero-day tracker. Chrome is the most insecure browser that exists.

    Google chrome is not only the worst for privacy, but the worst for security too. Chromium based browsers = Terrible for privacy and terrible for security. More people are only beginning to realize that.

    Edge switched to using the Chromium rendering engine, if cybercriminals find bugs in Chromium code , the criminals can attack a greater percentage of users.

    24 security issues chrome.

    Firefox gets nowhere near as much security issues as googles monstrosity that is the chromium browser codebase MINI OS MONOPOLY.

    Facts are facts.

    1. m3city said on August 31, 2022 at 2:25 pm
      Reply

      @GNU Linux Sophistication
      “More people are only beginning to realize that.”
      While I do agree that chrome is a dataminer foremost, I have to object to that statement. People don’t give a crap. Interested users, like one who visit ghacks and other IT/tech related sites are generally aware and some of them care. The rest – not so much. Whenever big news about privacy breach, stolen data, GAFAM goes through to mainstream media, ordinary users may note that, but will not act on that due to various reasons – lack of knowledge, understanding, disregard.

      1. Tom Hawack said on August 31, 2022 at 5:42 pm
        Reply

        @m3city,

        I think @GNU Linux Sophistication is right, I fully agree with his entire comment, but also when he writes,
        “Google chrome is not only the worst for privacy, but the worst for security too. Chromium based browsers = Terrible for privacy and terrible for security. More people are only beginning to realize that.”

        “More people” doesn’t mean “enough”, only mans “more”.
        We all know that deeper habits are anchored longer it takes to get them changed.
        We all know that i.e. revolts always start with a few before spreading (Steinbeck’s “Grapes Of Wrath”).

        There is a trend, something is changing, slowly. More people indeed are becoming aware of the GAFAM misconducts, but it takes time proportionally to users’ tech knowledge as well as to their commitment to their very own privacy and security. Winds right now, winds of rebellion which may very well turn into a tornado.
        Personally I remain convinced that all that is wrong eventually vanishes. May take more than a generation but sooner or later will vanish.

        To answer the article’s question : NO! I do not have Chrome installed on whatever device and never will. Never say never? I dare say, repeat and confirm it. As for Microsoft, @GNU Linux Sophistication and I have shared a few dialogs in another Ghacks post and can affirm that after Win7 it’ll be Linux. Google and Microsoft out of my way promises sunlight.

      2. Tsami said on August 31, 2022 at 11:27 pm
        Reply

        @Tom

        Thanks for the two filters you posted earlier. I put them into my uBlockO filters page right away.

    2. Allwynd said on August 31, 2022 at 10:31 pm
      Reply

      Nobody is targeting Firefox, because it’s a dying niche browser with insignificant userbase.

      1. Iron Heart said on September 1, 2022 at 2:14 am
        Reply

        @Allwynd

        That’s the actual reason for the overall lower nominal number of security issues of Firefox! Any code comparison or analysis of the actual base code of Firefox will demonstrate that several key exploit mitigations like a strong sandbox and strict site isolation (citing them again because these are glaringly obvious) are sorely missing. In no way, shape, or form can such a browser be considered more secure than Chromium, it’s a pipe dream.

        The salesmen posts here rely on people being too stupid to notice that Chromium has 80% market share vs. Firefox’s 3% market share, making Chromium the prime target of hackers, with hardly anyone caring about Firefox anymore. This large gap will always result in a higher nominal number of Chromium security issues being noticed… it’s actually under scrutiny! “My browser receives no scrutiny, therefore fewer issues are found, therefore it’s more secure!” – The Firefox salesmen of gHacks, apparently.

        You are wasting your time doing the logic vs. salesman, but to be fair, so do I. I also waste my time for nothing here.

      2. l33t [email protected] said on September 1, 2022 at 4:20 pm
        Reply

        > Nobody is targeting Firefox

        Because over 200 million users is not a juicy target. If it was as weak as chromium (or even weaker and so easy to exploit as some like to claim), then l33t [email protected] like yourself would be all over it

        just make sure to claim it’s all been declassified so you can whine about something

  3. owl said on August 31, 2022 at 9:35 am
    Reply

    McAfee reports that popular Chrome extensions contain “code to insert unauthorized affiliates”.
    Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users | McAfee Blog
    Aug 29, 2022
    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
    Chrome extensions with 1.4 million installs steal browsing data
    August 30, 2022
    https://www.bleepingcomputer.com/news/security/chrome-extensions-with-14-million-installs-steal-browsing-data/
    Those extensions remain available from the official Google web store at this time. One of them has also been given the label “Recommended” to indicate that it meets Google’s criteria.

  4. fullofcr4p_sense_the_smart_opposite_corroded_head said on August 31, 2022 at 10:05 am
    Reply

    It should be the other way: ghrome 1005 introduces 243 security issues.

    This fullofcr4p_sense_the_smart_opposite_corroded_head should brace for a WD40 jet only!!

  5. Yash said on August 31, 2022 at 10:40 am
    Reply

    Always remember folks if a software is regularly suffering from security issues it is a good software. Use Adobe Flash from now on as well.

    Regards
    A google spokeperson x.

  6. microfix said on August 31, 2022 at 1:11 pm
    Reply

    Has the web page to windows clipboard issue (without user permissions) been fixed whilst using google chrome in this update?
    not seeing it…

  7. ChromeFan said on August 31, 2022 at 2:24 pm
    Reply

    Do I have Google Chrome installed on my devices? Why yes I do, computer, mobile, fridge, oven, microwave, and even my car.

    When you have the best, most secure, and private browser and when more than 1 billion smart users have Google Chrome installed, security fixes are necessary as the browser and its users becomes a target.

    Keep on doing what you are doing, and never stop making the internet a free, private experience where everyone can enjoy.

    1. owl said on August 31, 2022 at 2:43 pm
      Reply

      @ChromeFan,
      > When you have the best, most secure, and private browser and when more than 1 billion smart users have Google Chrome installed, security fixes are necessary as the browser and its users becomes a target.
      Keep on doing what you are doing,

      If you are going to mention that much, then I assume you will assume full responsibility!
      You will assume reimbursement for all defects and damages.
      Show me that you are prepared to do so!

    2. Tom Hawack said on August 31, 2022 at 6:20 pm
      Reply

      I’ve added to my uBO’s filters,

      ! Block ‘Iron Heart’ comments
      ghacks.net##.comment-item:has-text(Iron Heart said)
      ghacks.net##.comment-item:has-text(Iron Heart)
      !

      to which I’ve added :

      ! Block ‘ChromeFan’ comments
      ghacks.net##.comment-item:has-text(ChromeFan said)
      ghacks.net##.comment-item:has-text(ChromeFan)
      !

      Everyone is free to write and speak as well as to avoid what he/she considers as nonsense, demagogy.
      I just can’t stand their trolls any longer.

      1. Iron Heart said on August 31, 2022 at 7:46 pm
        Reply

        @Tom Hawack

        I wish what you said was true, but unfortunately, I still find you replying to my comments. Wonder how that works if you have allegedly hidden them from view.

        I do hope what you say is true though, because you and several people no longer replying to me would be a highly desired outcome for me as well. This would definitely spare me much time and annoyances going forward. I have not been lucky with that so far, which is unfortunate, so may I ask: Are you lying to people here? Because it sure seems like it.

        I have my personal list for smooth talkers and frequent liars as well, it reads as follows:

        ! Block ‘Tom Hawack’ comments
        ghacks.net##.comment-item:has-text(Tom Hawack said)
        ghacks.net##.comment-item:has-text(Tom Hawack)
        !

        Oopsie doopsie, was that your name in there? That’s an error, I would never call you a smooth talker or liar of course! I meant to say “Anonymous” here of course! Sorry for the mistake, silly me.

  8. Andy Prough said on August 31, 2022 at 5:43 pm
    Reply

    Based on Google’s theory of numbering things, 24 security issues isn’t nearly enough to get the public’s attention. They need more security flaws to be taken seriously, at least 100 of them for each release.

  9. Anonymous said on August 31, 2022 at 10:28 pm
    Reply

    It’s time to start moving away from Chromium based browsers. Once manifest v3 goes into full effect, browsing the internet will be a nightmare.

  10. GNU Linux Sophistication said on August 31, 2022 at 10:41 pm
    Reply

    @m3city

    > People don’t give a crap.

    Yes, you’re right, i also have no real faith in the masses in choosing to use better software, the masses like Tik Tok, Facebook and google chrome lol. To clarify though, i meant to say a lot of people in the FOSS/privacy community are starting to think about how bad chromium based browsers are. In a lot privacy forums, there is no shortage of people that dislike chromium based browsers and those numbers seem to be increasing fast. Even here on Ghacks comments section, there are plenty that dislike google chromium engine, just look at the comments.

    Some people in the actual Linux community have always preferred firefox though, and have never trusted google/M$ with authorship of browser code. How is that true? Just look at what browser is installed by default on most Linux distributions? It is nearly always Firefox. There is something about Firefox that people appreciate, it just feels better to use because of the customizability and better security.

    One of the reasons why chromium based browsers have inferior security to Firefox or forks of it, is because the chromium codebase is primarily written in C++ and has just gotten extremely bloated whilst also being literally a monopoly.

    A lot of Firefox is built using Rust, a safer programming language which is specifically designed to be memory safe. Firefox security could have even been better if they implemented even more rust in the quantum project, a lot of portions of Servo were incorporated into the Gecko engine though, so Firefox improved a lot with the quantum project/servo. Servo was an experimental browser engine authored by Mozilla designed to take advantage of the rust programming language.

    @Tom Hawack

    > Google and Microsoft

    As a general rule of thumb, if one wants more privacy, security and customizability in software choice, there are far better choices out there for software, it is wise to avoid software primarily authored by those corporations google and Microsoft.

    @ Iron Heart

    > I wish what you said was true, but unfortunately, I still find you replying to my comments. Wonder how that works if you have allegedly hidden them from view.

    Why not take a hint and stop bothering people who do not want to conversate with you? The fact that some people are actually taking the time to create uBO’s filters shows that a lot of people dislike your misinformative comments and your condescending attitude.

    > you and several people no longer replying to me would be a highly desired outcome for me as well.

    A highly desired outcome for what? Your insufferable ego? Do you even read what you type? People actually build UBO Filters for you, do you believe that you have a large following here where people value your contributions. Lol. You are a very delusional individual, how can you have much a following when people say they make UBO filters for you?

  11. Iron Heart said on September 1, 2022 at 12:01 am
    Reply

    I should apply for the soothsayer career path apparently, because what I predicted came to pass exactly as I imagined it would. This article, meant to inform users of Chromium-based browsers of an important security update, is being hijacked by propagandists and fanboys of a certain competitor browser. As always.

    Some real talk for you guys:

    – How many security issues are found in any given application is highly influenced by popularity. Statistically speaking, someone targeting Firefox would aim at 3 / 100 internet users. Someone targeting Chromium aims at 80 / 100 internet users. Think about it, which browser is going to receive more scrutiny? More scrutiny results in more issues being found compared to a codebase almost nobody looks at. Lack of auditing and lack of usage is not the same as being more secure.
    – The absolute number of security issues found tells you nothing about how easy or hard the exploits really were. A higher amount of exploits that can’t be trivially exploited is considered better than a low amount of very trivial exploits.
    – Forks and adjacent projects influence the number of issues found. Apart from the larger user base, Chromium also serves as the basis of many browsers, among others Chrome, Edge, Opera, Brave, Vivaldi, and Amazon’s Silk browser. The closely related Electron is used by thousands upon thousands of applications of various developers, and those also necessarily work with the codebase. Almost no browser is based on Firefox and the only entities reviewing the codebase are Mozilla and the undermanned Tor Project. That is ridiculously low compared to the number of people using and auditing the Chromium code.
    – You talk about Chromium being insecure, but I hardly hear of anyone who has actually been hacked so far. Chromium is also considered “good enough” for enterprise use including most Fortune 500 companies. I doubt that the admins of these entities are all idiots who are too dumb to install Firefox. Seems also like they are less worried than you alarmists are.

    End of real talk. It seems a lot of people here have failed their statistics class and are woefully unable to do statistics 101. That one codebase is under much more scrutiny than the other means that there will always nominally be more security issues found. Insofar as they are fixed, and they are, this is a good thing. Counting security issues and then comparing, while still failing to consider the actual severity of any given issue, presupposes that the same amount of usage and scrutiny is taking place for either project, which is clearly not the case here.

    The quality of comments on gHacks has deteriorated to the point where it is accepted that common sense presuppositions that are common knowledge everywhere else play no role in the discussion here, leading to dishonest and / or dumb posts that come off as shilling attempts, divorced from any attempt at being factually correct. The moderator suppresses any posting of factual sources that compare the actual base code, but lets propagandists who try to fool people with ill-informed statistics have a field day, also bringing the blog into disrepute. Again, this is very sad.

    It is painful to discuss with intolerant, constantly goalpost-moving, dishonest, salesman style “commenters” who have no interest to inform users about security, but instead only want to sell their product here. This will ultimately put people at risk, and reduce their security and privacy. I don’t want this to happen to anyone I value, so therefore I do now inform people, when asked about this blog, to take anything written here with not just a grain, but rather a ton of salt, and I also inform them that no free discussion and exchange of opinion can possibly take place here s the moody mod intervenes as he sees fit, according to rules made up as he goes along, while he watches the reputation of his blog being ripped to pieces by highly dishonest and aggressive shills. I think something needs to be done about this; if you are into silly censorship, at least apply it where everyone else applies it – against obvious and ill-researched fake news that regularly gets posted here by always the same people. Thank you for listening.

    1. owl said on September 1, 2022 at 12:42 am
      Reply

      @Iron Heart,
      > This article, meant to inform users of Chromium-based browsers of an important security update, is being hijacked by propagandists and fanboys of a certain competitor browser. As always.

      You have truly lost your objectivity and a bird’s-eye view.
      The original genesis is BS, continued from other topics by ChromeFan.
      Is the number of posters the issue?
      No, it’s not, it’s the “quality” of the posts.
      It is ChromeFan’s BS that should be the issue.

      However, it’s the “Iron Heart” that fills (and occupies) the majority of those pages~!

      1. Iron Heart said on September 1, 2022 at 2:05 am
        Reply

        @owl

        I am the only one here so far giving an objective view re. statistics and what to expect from them! The more popular project will always nominally have more security issues because that’s the result of actual scrutiny taking place.
        “Hardly anyone looks at my code = statistically fewer security issues are found = must mean that the base code is more secure, then” is what the other commenters assert, and that’s such a failure in terms of stats interpretation and so full of non-sequiturs, it physically hurt me to write something as stupid as this down. It really did.
        The other posters unfortunately use a very limited understanding of statistics to come up with the IMHO blatant fake news that a certain competitor project must be more secure, even when actual code comparisons paint in a much different picture.

        I have no interest in discussion with these people anymore, because they have a very clear objective – promoting their favorite product / brand, security and privacy considerations be damned! Not going to talk with these people here, waste of time. Anyone having no problem with deliberately false salesman presuppositions, feel free to enjoy that crap!

      2. owl said on September 1, 2022 at 2:50 am
        Reply

        @Iron Heart,

        I am exhausted of you.
        I have been for some time, but as usual, I continue to have miscommunication with you.
        No doubt other commenters will be the same as I am. That (miscommunication with you) is what makes those topics and threads so confusing.

        The “objectivity and bird’s eye view” I mentioned is how your comment is structured.
        In other words, in this case, “This article is meant to inform users of Chromium-based browsers of an important security update, but it has been hijacked by the promoters and fanboys of one competing browser. As usual.” About.

        To which I responded, “It originally started with the BS that ChromeFan continues from other topics.” and so on. I said and reprimanded you for saying that.

        In short, I am referring to an objectivity and bird’s eye view of “why the off-topic trend has occurred”.
        You are essentially free to say whatever you want about browsers.

        Just to be clear, I was not referring to your “view of browsers”.

        My patience (The effort I, as a digital detox, spend on your behalf) is limited. I will discontinue this topic now. No need for silly replies. Bye.

    2. Emils Browser Wetter said on September 1, 2022 at 9:52 am
      Reply

      Ingenious example of Iron Heart’s meaningless marketing logic:

      “Some real talk for you guys:

      – How many security issues are found in any given application is highly influenced by popularity. Statistically speaking, someone targeting Firefox would aim at 3 / 100 internet users. Someone targeting Chromium aims at 80 / 100 internet users.”

      Huh ???

      … but my dear Mr. Soothsayer, the incredible high amount of found security issues is highly influenced by sloopy Google programmers in first place. Firefox as target would attract only 3 / 100 hackers. Chrome as target would attract the other 97 / 100 hackers.
      Guess why …? It’s the security stupid!

      Quote IH

      “The quality of comments on gHacks has deteriorated ff.”

      The quality of comments on gHacks has deteriorated due to the endless stream of soothsayings from a certain user – guess who? Look into your crystal ball …

      1. Iron Heart said on September 1, 2022 at 10:24 am
        Reply

        @Emils Brausegewitter

        > the incredible high amount of found security issues is highly influenced by sloopy Google programmers in first place

        Source: Trust me bro.

        It doesn’t have any worse security practices than the competitor browsers, it is the main target however. Keep the fake news up, you are doing good. Fake news is what will “improve” comment quality going forward, or so the soothsaying (= you guys being predictable af) says.

    3. Rust Hurt said on September 1, 2022 at 10:52 am
      Reply

      @Iron Heart

      The user base for Firefox is big enough to have an impact on bug reports, also many more Firefox users are much much more security aware which can easily outperform bug reportings like the giant Chrome browser, if there would be anything to report, you see… it could very well be like this -> for every 100 000 Chrome browser sheeples who gives Zero f*cks if their nude selfies would leak out, it would take only 1 technically knowledgeable Firefox user to tip the scale, therefore Firefox could easily have a larger technically skilled user base than Chrome who are able to analyze and produce a worthy bug report, so your logic and reason is flawed, and while having your attention, your highly combative communication style is very inflammatory baiting many others into combative nonsense with you, in essence you come of as a technically very skilled troll working for the dark side.

  12. Andy Prough said on September 1, 2022 at 2:15 am
    Reply

    @Iron Heart
    > dishonest, salesman style “commenters”

    I’m not selling anything and I use Brave sometimes, and it works well for me. It’s a bit bloated for everyday use – I prefer links2 command line browser which I’m using now and is using 31mb memory to read this page and post a comment. Brave can easily use over 1gb of memory after a bit of browsing. But I wouldn’t try to “sell” links2 to anyone – who would buy something like that? For full graphical browsing I prefer Pale Moon, which often runs with under 300mb of memory.

    As far as Chrome/chromium security issues – they really need to cut down on the number zero day exploits under control. Those are downright dangerous and create paths for possible ransomeware or worse. I would prefer for chromium ultimately to be removed from google’s control, and be taken over fully by a non-profit community. As long as google controls its development, no one is going to fully trust it.

    1. Iron Heart said on September 1, 2022 at 3:19 am
      Reply

      @Andy Prough

      Links2 and Lynx as well are secure in a very funny kind of way. If you support no feature, you also can’t be hacked – all avenues closed. :D

      > they really need to cut down on the number zero day exploits under control.

      I think it’s inevitable for a codebase the size of an operating system. Not saying this with the salesman voice of @Anonymous123 here. I mean, all modern browser codebases are more or less the size of operating systems. These issues actually being found indicates that people actually work with the code and does not necessarily imply bad code quality – again, consider the size of the codebase we are talking about here.

      Firefox, considering the state of its exploit mitigations, which is equal to Chromium from 3 – 5 years ago, may well have more zero days hidden in the code, but who is there to find out? If I were a bad guy, I wouldn’t care about catching the 3% of all Internet users that have Firefox installed either.

      > I would prefer for chromium ultimately to be removed from google’s control, and be taken over fully by a non-profit community.

      Yeah sure, but who is going to pay the devs? The reality of Chromium and also Firefox is, most of the contributions are coming from full time employees of the respective companies. If we were to rely on volunteers only, we would be in dire straits.
      I can’t even imagine what such a non-profit would look like. Would the companies how develop Chromium now send their devs there? If yes, how long would they stay employed in their parent company, especially if the value of such a foundation is being reconsidered!?
      Anyway, it could work like the Linux Foundation that also oversees several major companies contributing to the Linux kernel (that’s not a volunteer-driven project either, contrary to what most of the community thinks it is). Or maybe the “Mozilla model”, where the “Chromium foundation” basically sells their search bar (and their soul, haha) to the highest bidder, which will be Google. Not optimal either.

      Firefox is being developed by the for-profit Mozilla Corporation that is a subsidiary of the non-profit Mozilla Foundation, so FF is not developed by non-profit either, and only survives because Google wants it to survive. I know it’s not nice to say that they are corporate leeches, but that’s basically what it is. Mozilla is beholden to Google, is “opposition” and so far has not hurt Google with their decisions. Not sure Google would want the same for Chromium(!?) where they reserve elevated control rights for themselves at upstream, it’s not the pseudo-opposition nice guy on the sidelines, you see, it’s their own main product! Would be a hard battle to be sure, unless their jurisdiction, i.e. the US, forces the move.

      > As long as google controls its development, no one is going to fully trust it.

      Well, you can audit the code, and you can fork it as well and do whatever with it downstream. The fact is that nobody has called for a “Chromium Foundation” yet because so far, Google has done nothing that was bad enough as to be unfixable, meaning all issues so far have been dealt with, not least because even Google requires internal kill switches for their features, in case something goes awry for them. Google would have to do something very outrageous upstream that would ultimately exceed all engineering capabilities available downstream for such a call to arise. Not sure what that could possibly be, pretty sure Manifest V3 is not it, since this is rather easily circumvented via native adblocker. Such a change would also have to be open source still too, due to how Chromium is licensed, which further puts doubt on whether or not something like that would be possible from Google’s POV. I press X for doubt here, sorry.

      I also have a problem with the idea that “Google code = untrusted” (even if auditable) while “Mozilla code = trusted”. I have no reason to trust Mozilla. For all I know, they are a very opaque organization, funded by Google, openly fighting for a centralized and heavily censored web, and they have also been found not to take the rights of users as seriously as they claim to (like when they hijacked the DNS resolver in Firefox and switched it to Cloudflare – hell of a privacy giant /s – via the open-by-default backdoor otherwise known as Firefox Experiments, no less). That issues like these are pulled under the rug (while whatever Brave may have done that was never 1/4 as bad as that is blown out of proportion, which is ridiculous) also makes my very wary of the community – I mean, what else can expect in the future if the community does not speak up here, all the while they waste their time closely monitoring competitor projects with few results? Makes me question this organization + community, hope that makes sense.

  13. GNU Linux Sophistication said on September 1, 2022 at 4:05 am
    Reply

    @Ghacks

    I posted a comment here earlier, where is it?

    @Iron Heart

    > Lack of auditing and lack of usage is not the same as being more secure.

    – Firefox has been independently audited by third parties and is under the watchful eye of the FOSS community.

    The facts are this, Firefox has less security problems than chromium based browsers.

    > The absolute number of security issues found tells you nothing

    – The absolurely number of security found in chromium based browsers far outweighs the numbers found in Firefox according to statistics.

    > Almost no browser is based on Firefox and the only entities reviewing the codebase are Mozilla and the undermanned Tor Project. That is ridiculously low compared to the number of people using and auditing the Chromium code.

    Firefox is a browser liked and reviewed by a massive FOSS community. Firefox has been Independently audited by third parties.

    > am the only one here so far giving an objective view re. statistics and what to expect from them!

    The evidence and statistics point towards chromium codebase browsers having more security issues than Firefox. YOur view is not objective at all.

    > The more popular project will always nominally have more security issues because that’s the result of actual scrutiny taking place.

    A completely erroneous argument. Popular operating systems like windows get more security issues because it is closed source which creates an environment of lazy programming than someting like FOSS where the free open source code can be reviewed by a wider community.

    Chromium codebase may be FOSS but the code is the biggest seen in any browser engine which creates a massive attack surface whilst also being the most popular browser engine = Unsagfe browser engine.

    > all modern browser codebases are more or less the size of operating systems.

    No browser codebase is as big as chromium. Millions of more lines of code than Firefox, not written in as much rust as Firefox.

    > may well have more zero days hidden in the code, but who is there to find out?

    Firefox is an open source browser constantly maintained by Mozilla and reviewed by the FOSS community. YOu act like Firefox is closed source like chrome.

    > Google has done nothing that was bad enough as to be unfixable, meaning all issues so far have been dealt with,

    Did they the clipboard issues found in chromium browsers immediately?

    > I also have a problem with the idea that “Google code = untrusted

    Google code = a bloated security mess.

    Fixed that for you.

  14. GNU Linux Sophistication said on September 1, 2022 at 4:09 am
    Reply

    Edit

    > Google has done nothing that was bad enough as to be unfixable, meaning all issues so far have been dealt with,

    Did they FIX the clipboard issues found in chromium browsers?

    1. kerosene said on September 1, 2022 at 8:14 pm
      Reply

      Not yet on chromium 64 bits version 105.0.5195.54 (ungoogled).

  15. Andy Prough said on September 1, 2022 at 6:05 am
    Reply

    @Iron Heart
    When you reply to my posts you keep attacking Mozilla as if I’m going to defend them, but I’m not. I’ve used Firefox and I know how to use it safely and privately, but it’s a gigantic hassle to configure it appropriately compared to Brave with just a few of the “strict” settings, or compared to Pale Moon with just a few add-ons. Anyway – just thought I would mention it. I’m not opposed to much of what you say about Firefox. But at the same time as an old-time Google fan who was shocked at the Edward Snowden revelations about Prism, I’ll never trust them again. No amount of code audits will ever be enough to prove that they aren’t still completely selling us out to all their spy agency buddies.

  16. GNU Linux Sophistication said on September 1, 2022 at 6:55 am
    Reply

    Edit correction from one of my previous comments.

    * The number of security issues found in chromium based browsers far outweighs the number of security issues found in Firefox according to statistics.

    Even looking at Ghacks news articles can give you a fairly good idea about which browsers get the most security patches. Chrome would top the charts. Lol.

    @Allwynd & Iron Heart

    > Nobody is targeting Firefox, because it’s a dying niche browser with insignificant userbase.

    > That’s the actual reason for the overall lower nominal number of security issues of Firefox!

    It is probably true that if Firefox was more popular it would get more security issues, the fact remains that there is no evidence to support the idea that it would have as much problems as chromium based browsers.

    Why is that?

    A = Firefox is partly written in safer programming language RUST, Chromium is primarily C++.

    B = Firefox contains far less code which creates a safer browser environment than something like chromium engine which has millions more lines of code than Firefox, which means Chromium is the browser engine with the largest attack surface whilst also being a monopoly since M$ use it for Edge now.

    I am glad that Firefox is a niche browser and partly written in RUST, all the more safer for it.

    > The salesmen posts

    An erroneous statement right there as Firefox is FOSS.

    @Andy Prough

    > I’ve used Firefox and I know how to use it safely and privately, but it’s a gigantic hassle to configure it appropriately

    Yes, it can take up to 15 to 20 minutes to configure Firefox for more privacy, i agree at times it can be annoying, however it can be done faster with ARKENFOX or just use Librewolf instead that has more privacy related defaults.

    Configuring firefox manually is more fun in my opinion though. Learning about what each about:config setting does give you more knowledge about technology.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.