Serious Discussion fedora 40

simmerskool

simmerskool

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Vitali Ortzi said:
Firefox isn't a secure browser but it's okay on windows but on Linux it doesn't have as good sandboxing , mitigations Firefox and Chromium | Madaidan's Insecurities
Personally I'm using brave (has cname blocking in their ad blocker ) but if you don't need cname blocking then the most secure browser is hardened chromium that secureblue uses but it might require Hardened malloc as well (it's far more secure then brave )
Click to expand...
perhaps, just noting that the Madaidan article is +2.5 years old (unless the article gets updated without notation)
I am new to Silverblue atomic and just know the little I read, ie, flatpaks are sandboxed with bubblewrap. I will look today to see if there's a flatpak brave.
 
  • Like
Reactions: oldschool
Victor M

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
@Vitali Ortzi , do you find that secureblue keeps up with patches? Browsers gets new vulnerabilities with every new version, and up to date patches is of major importance. Just don't want to dive into a distro that doesn't have the manpower to do that.

I think the browser vendors should Stop making new versions every couple of weeks and release good secure and debugged versions maybe every few months, complete with static and dynamic code checking and fuzzing.
 
Last edited:
  • Like
Reactions: simmerskool
Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
Victor M said:
@Vitali Ortzi , do you find that secureblue keeps up with patches? Browsers gets new vulnerabilities with every new version, and up to date patches is of major importance. Just don't want to dive into a distro that doesn't have the manpower to do that.

I think the browser vendors should Stop making new versions every couple of weeks and release good secure and debugged versions maybe every few months, complete with static and dynamic code checking and fuzzing.
Click to expand...
You have to thank Google for that:
For more than a decade, Chrome has shipped a new milestone every 6 weeks, delivering security, stability, speed and simplicity to our users and the web. As we have improved our testing and release processes for Chrome, and deployed bi-weekly security updates to improve our patch gap, it became clear that we could shorten our release cycle and deliver new features more quickly.
Click to expand...
blog.chromium.org

Speeding up Chrome's release cycle

For more than a decade, Chrome has shipped a new milestone every 6 weeks, delivering security, stability, speed and simplicity to our users ...
blog.chromium.org blog.chromium.org
More generally, we continue to work on the “patch gap”, where security bug fixes are posted in our open-source code repository but then take some time before they are released as a Chrome stable update. We now make regular refresh releases every two weeks, containing the latest severe security fixes. This has brought down the median “patch gap” from 33 days in Chrome 76 to 15 days in Chrome 78, and we continue to work on improving it.
Click to expand...

Q4 2019 Summary from Chrome Security

groups.google.com groups.google.com
 
  • Like
Reactions: simmerskool
Vitali Ortzi

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Victor M said:
@Vitali Ortzi , do you find that secureblue keeps up with patches? Browsers gets new vulnerabilities with every new version, and up to date patches is of major importance. Just don't want to dive into a distro that doesn't have the manpower to do that.

I think the browser vendors should Stop making new versions every couple of weeks and release good secure and debugged versions maybe every few months, complete with static and dynamic code checking and fuzzing.
Click to expand...
Every time I check the repo there is usually daily commits to the browser used GitHub - secureblue/hardened-chromium: A hardened chromium for desktop Linux inspired by Vanadium.
But yes it's just a 5 contributors working on it but so far they have done incredible work keeping up to date with vanadium chromium base
Although most commits are done by a single dev
 
Last edited:
  • Like
Reactions: Brahman, Victor M, simmerskool and 2 others
simmerskool

simmerskool

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Vitali Ortzi said:
Every time I check the repo there is usually daily commits to the browser used GitHub - secureblue/hardened-chromium: A hardened chromium for desktop Linux inspired by Vanadium.
But yes it's just a 5 contributors working on it but so far they have done incredible work keeping up to date with vanadium chromium base
Although most commits are done by a single dev
Click to expand...
fwiw went over to github and now I have a (little bit) better understanding about secureblue/hardened-chromium but no attempt yet to implement here -- I still renewing my entire linux experience...
 

Similar threads

Victor M
    • Hundred Points
Serious Discussion Alpine Linux review
Replies
3
Views
301
ChromeOS & Linux
simmerskool
simmerskool
Victor M
New Update Chrome 124 Ubuntu 24.04 LTS Apparmor profile
Replies
1
Views
965
ChromeOS & Linux
Victor M
Victor M
Gandalf_The_Grey
    • Like
    • Applause
Review: MX Linux MX-21 KDE - Now, here's a verily splendid distro
Replies
2
Views
2,075
ChromeOS & Linux
jackuars2
J

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top