On Wed, 2015-03-04 at 21:09 -0500, Jude Nelson wrote: > > Besides issues related to Chromium's poor support for privacy features, > > it also has no real security support. > > No comment on the privacy features, but I beg to differ on the security. > The fact that the Linux build of Chromium runs each tab and plugin in its > own seccomp'ed process and runs them all separately from a "kernel" process > puts the browser worlds ahead of Firefox in terms of security. Excluding > project Electrolysis (which I look forward to), the fact that Firefox runs > every tab in the same process means that one bad tab can compromise the > whole browser without too much effort. By contrast, Chromium's > kernel/process-per-tab factoring has led to secure browser designs [1] > where this class of exploit and others are provably impossible.
Methinks you missed the point. Forget the kewl tech and concentrate on the people problem. Chromium/Chrome can't be secure on a Linux based on Debian, period. Full stop, end of discussion. They do not support anything but the current version and it quickly becomes unbuildable on a stable Debian release because they freely import dependencies on every new and shiny bit they see and expect it to be present in the very latest version. They don't even support RHEL 6, you have to grovel around on the Internet for wildly unsupported and dubious procedures (involving repackaging Fedora binary packages and shoving them down /opt and LD_LIBRARY_PATH trickery) to keep Chrome running, I know because I'm supporting fifty some odd workstations right now running CentOS 6 and need more than one browser available. They didn't just drop support for 6 when RHEL 7/Centos 7 shipped, no they dropped it over a year before the beta for 7 even appeared. And that is the 'Enterprise' distro with the big corporate accounts; Google doesn't give a crap. Moz didn't either, but when enough large sites complained about the constant version churn they at least delivered an LTS version. They are far worse than Moz when it comes to treating Linux (Android/Linux and Chrome/Linux excepted of course) as a red headed stepchild. If you want Chrome you run Windows, ChromeOS or a bleeding edge Linux distro.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
