Google chrome

Google Chrome 105 fixes 24 security issues

@AndyPrough

Links2 and Lynx are also secured in a very fun way. If you don’t support any feature, you can’t be hacked either – all avenues are closed. 😀

> they really need to get the number of zero-day exploits under control.

I think it’s unavoidable for an OS-sized code base. Don’t say that with the salesman voice of @Anonymous123 here. I mean, all modern browser codebases are more or less the size of operating systems. These actually found issues indicate that people are actually working with the code and don’t necessarily imply poor code quality – again, consider the size of the codebase we’re talking about here.

Firefox, given the state of its exploit mitigations, which is equal to Chromium from 3-5 years ago, might well have more zero days hidden in the code, but who’s to know? If I was a villain, I wouldn’t care about catching the 3% of all internet users who have Firefox installed either.

> I would rather see chromium finally taken out of google’s control and taken over entirely by a non-profit community.

Yes, of course, but who will pay the developers? The reality of Chromium and also Firefox is that most contributions come from full-time employees of the respective companies. If we had to rely solely on volunteers, we would be in dire straits.
I can’t even imagine what such a non-profit organization would look like. Would the companies currently developing Chromium send their developers there? If so, how long would they remain employed at their parent company, especially if the value of such a foundation is in question! ?
Either way, it could work like the Linux Foundation which also oversees several large companies contributing to the Linux kernel (it’s also not a volunteer-run project, contrary to what most of the community thinks it is). Or maybe the “Mozilla model”, where the “Chromium foundation” essentially sells its search bar (and its soul, haha) to the highest bidder, which will be Google. Not optimal either.

Firefox is developed by the for-profit Mozilla Corporation which is a subsidiary of the non-profit Mozilla Foundation, so FF is also not developed by a non-profit organization and only survives because Google wants it to survive. I know it’s not nice to say they’re corporate leeches, but that’s basically what it is. Mozilla is beholden to Google, is “the opposition” and so far hasn’t hurt Google with its decisions. Not sure Google wants the same for Chromium (!?) where they reserve high preflight rights, it’s not the nice sideline pseudo opposition, you see, it’s their own main product! Would be an uphill battle to be sure, unless their jurisdiction, i.e. the United States, forces the move.

> As long as Google controls its development, no one will fully trust it.

Well, you can audit the code, and you can also fork it and do anything with it downstream. The thing is, no one has yet called for a “Chromium Foundation” because so far Google hasn’t done anything bad enough to be unfixable, which means all the issues have been fixed so far , not least because even Google requires internal kill switches. for their characteristics, in case something goes wrong for them. Google would have to do something very outrageous upstream that would ultimately exceed all available engineering capabilities downstream to make such a call happen. I don’t know what it could be, pretty sure Manifest V3 isn’t, as it’s quite easily circumvented via a native ad blocker. Such a change should also be open source, due to the way Chromium is licensed, which further casts doubt on whether or not something like this would be possible from Google’s POV. I press X to doubt here, sorry.

I also have a problem with the idea that “Google code = unapproved” (even if auditable) while “Mozilla code = approved”. I have no reason to trust Mozilla. As far as I know, this is a very opaque organization, funded by Google, openly fighting for a centralized and heavily censored web, and it’s also been found that they don’t take user rights as seriously they claim (like when they hacked into the DNS resolver in Firefox and switched it to Cloudflare – one hell of a privacy giant – via the default open backdoor otherwise known as Firefox Experiments, nothing less). That issues like these are glossed over (when anything Brave has ever done that has ever been 1/4 as bad as that is overkill, which is ridiculous) also makes me very suspicious of the community – I mean, what else can be expected in the future if the community does not speak out here, while wasting its time keeping a close eye on competing projects with little results? Makes me question this organization + community, hope this makes sense.