hello friends! new(ish)!
Chromium
Chromium | |
Type | Free |
Layout engine | Blink |
Website |
Chromium is a free and open source Web browser developed by Google and other contributors. It is known for its extremely fast JavaScript engine, multi-process security model, and rapid development cycle.
When it was initially released, Chromium was vastly superior to other major browsers in terms of performance, but this advantage gradually diminished in the years following its release as the other browsers caught up. Today, Chromium maintains an edge in JavaScript performance, security, and UI responsiveness.
Recently, Google forked the Apple-controlled WebKit project to give Chromium its own layout engine: Blink.
Google Chrome
Google Chrome is a proprietary sister project of Chromium developed by Google.
In addition to Chromium's usual set of features, it packages Google's 'Pepper' Flash plug-in, a Foxit-based in-line PDF reader, an automatic updater, and several controversial tracking capabilities. Due to the latter, it is commonly accused of being a botnet by the more security-conscious participants on /g/, for good reason.
Official release channels
- Stable is targeted at most home and office users;
- Beta;
- Dev;
- Canary is a bleeding-edge channel. Instability and vulnerabilities are to be expected.
Tracking details
Google Chrome's user tracking capabilities include, but are not necessarily limited to the following:
- Installation: upon installation, Google Chrome sends a randomly generated token from the installer back to Google. This is used to measure the success rate of Chrome installations. This feature is non-optional.
- RLZ identifier: an encoded string that, according to Google, contains non-identifying bits of information about where Chrome was downloaded from and when it was installed. It is transmitted to Google upon the first launch, first use of the address bar, and first Google search query. The collected information is used to measure the success of promotional campaigns. This feature is non-optional, but Google does provide the necessary source code to decode the string.
- ClientID: a unique identifier coupled with user preferences, logs of usages metrics, and crashes. This feature is optional and disabled by default.
- OmniBox predictions: any text typed into the address bar is sent to Google. This feature is optional, but enabled by default.
- Page-not-found web service: upon receiving a server not found response, the query typed into the address bar is sent to Google. This feature is optional, but enabled by default.
- Spell-checking web service: any text typed is transmitted to Google. This feature is optional and disabled by default.
- Google update: data concerning the user's Chrome usage, operating system details, and Chrome version is transmitted to Google periodically. This feature is non-optional.
Notable forks
Iridium
Iridium is a FOSS fork of Chromium developed with security and privacy in mind. It generally uses the same Chromium version as Chrome stable. For a list of differences between it and Chromium, see this.
Sleipnir
Sleipnir is a proprietary, Windows/OSX exclusive fork whose sole purpose is to fix Chromium's broken font rendering on Windows.
ungoogled-chromium
ungoogled-chromium is a Chromium fork built with privacy as a top priority, with Google's privacy invading aspects stripped out of the browser. It's free and open source, leveraging some patch sets from the Iridium browser. It has taken off rather quickly on /g/ and no one is wasting their time meming it. The only real drawback is that extensions cannot be installed automatically from the Chrome Web Store, requiring you download the .crx file and then drag it into chrome://extensions to install it. A workaround is to install a userscript that adds the option to download the .crx file from the Chrome Web Store.
Currently, it has native binary builds for Linux, Mac OS X and Windows.
Tags
— Development process is active.
— Development process is slow. Software is mature enough to warrant less frequent updates, unless it comes with a "buggy" tag.
— Software isn't updated regularly. Mostly fine unless it comes with a buggy tag.
— Comes with a significant amount of bugs, possibly due to slow, or non-existent development.
Notable extensions
Adblocking, privacy, and security
EditThisCookie is a great cookie manager for Chromium.
HTTPS Everywhere is maintained by the Electronic Frontier Foundation. It forces supported sites to prefer secure connections. This does occasionally cause problems, so the option to enable or disable the extension on a per-site basis is included.
uBlock Origin is a lightweight and low-resource adblocker. Has many filter lists built in, with EasyList, Peter Lowe’s Ad server list, EasyPrivacy, and Malware domains enabled by default.
- Not to be confused with 'uBlock', an EXTREMELY outdated fork with some very slight changes to the UI.
- If you feel bad about blocking advertisements, make a deal with yourself: you'll stop blocking ads when major international internet companies stop serving malware.
uBlock Origin Extra is a companion extension for Chromium-based browsers to expose websocket connections to uBlock Origin, and in that way overcome Chrom*'s extension API limitations.
uMatrix, made by the creator of uBlock, is a high performance matrix-based firewall that supports hosts files, capable of blocking a myriad of objects, complete with per-hostname and global toggles, as well as plenty of privacy oriented features. Can be used with uBlock.
Usability
APNG is for those who want to seek enlightenment to the open source masterrace animated PNG. Good for when you go to the few corners of the web that actually use these things.
Chromium Updater allows Windows and GNU/Linux users to conveniently identify, download, and install the latest Chromium build. It may not be as seamless or convenient as the automatic updates in Comodo Dragon and Google Chrome, but it does get the job done. Obviously, it should only be used with Chromium.
PDF Viewer adds PDF.js, the free and open source HTML5 PDF reader found in Firefox and Chromium.
Stylish allows the user to apply custom visual styles to Websites, internal browser pages, and more.
Tampermonkey adds a proper user script manager to Chromium. While it is certainly possible to install user scripts as Chromium extensions without this extension, it makes managing them much more convenient.
Notable patches
The ungoogled-chromium repository contains a myriad of patches that you can apply on top of Chromium in order to harden it, remove Google from your browser, or both.
Do take into account patches are modular and you do not have to use ALL of them, though you should still follow the order.
Debian
This patchset is rather simple and only aims to remove a few minor annoyances.
- Removes a few annoying warnings (e.g. default browser, the google API key warning when those aren't found, and so on);
- Disables the ad promo system;
- Increases GPU timeout from 10 seconds to 20;
- Adds PostScript printing support.
Inox-patchset
This patchset removes various Google services that you are unlikely to (/want to) use.
- Hardens the sandbox with Position Independent Code (PIE) against ROP exploits;
- Aesthetic fixes: removes branding, restores the old “new tab page”, as new one calls home, as well as Google's new Avatar and sign-in menu;
- Changes default search engine to DuckDuckGo (you should and can easily change this to StartPage);
- Disables default extensions you are unlikely to use: Hotword, Google Now, Google Feedback, Cloud Print, Google Webstore (you will have to install extensions manually, by drag-and-dropping), Network Speech synthesis, and Google Hangout;
- Disables multiple calls to Google servers: saved form data is no longer transmitted to Google, Chromium will no longer ping Google to provide the closest Google server to you, to check if IPv6 is available, or just ping Google in general.
Iridium-browser
These are the patches used on top of Chromium to create the Iridium Browser. If this is the only patchset you want to use, it will be significantly easier to simply go to their website and grab their binary, although you are certainly welcome to build it manually.
Ungoogled-chromium
The ungoogled-chromium patchset aims to further remove Google's intrusive features, mostly by removing additional detection of Google hosts, debloating the Omnibox, amongst other things. Most of ungoogled-chromium patches are mostly preference-based and will not significantly alter the way you browse, or the way the browser behaves.
For a more comprehensive list, see this.
VAAPI acceleration
There is a VAAPI implementation for ChromeOS, despite the fact the Chromium team insists its unstable on Linux, so this patch will enable it.
Bugs
- Youtube uses VP8/9 most of the time, which is not hardware accelerated.
- Solution: install this extension.
Tweaks and Fixes
Reducing RAM Usage
Enabling process per site
By default Chrom* heavily isolates each tab regardless of its domain. While doing this arguably improves security to some extent, the downside is that as the number of tabs increases, the RAM bloat due to duplication reaches absurd levels. This can end up with Chrom* using >4.5GB of RAM on a machine with 8GB thus preventing other heavy programs from running at the same time.
This can be fixed by making Chrom* use one process per site/domain and not per tab. This greatly reduces RAM usage while (probably) not sacrificing much from a security standpoint. However, should a given site crash, so will all tabs on the same domain. Use the following command-line argument:
chromium --process-per-site
For more details go here.
Suspending unneeded tabs
If you have tabs sitting around that you don't really actively need, you can unload them using The Great Suspender.
Fixing GPU hardware acceleration on Linux
In order to see if GPU acceleration is available, go to chrome://gpu. If it isn't, simply launch Chromium with the flag --ignore-gpu-blacklist
, or enable Override software rendering list
in chrome://flags, to fix it.
Fixing touchscreen on Linux
If your device runs Linux and has a touchscreen, you probably noticed that, by default, Chrom* completely ignores touch events. To make Chrom* use your touchscreen, you first need to find your input device ID:
xinput list
Find the ID of "Virtual core pointer", let's take for example id=2
. Now run Chrom* with the following argument:
chromium --touch-devices=2
If ID of "Virtual core pointer" doesn't work, try the ID of touchscreen device.
KDialog freezes
Launch with the following environment variable:
NO_CHROME_KDE_FILE_DIALOG=1 chromium
Installing extensions
... that require a Google account.
Certain extensions demand that the user login to a Google account to install them from the Chrome Web Store, but a workaround exists. However, there is a weakness: the extension cannot be automatically updated.
- In this example, we will be using the Google Drive extension
https://chrome.google.com/webstore/detail/google-drive/apdfllckaahabafndbhieahigkjlhalf
); - Locate its ID: the apparent gibberish following the extension's name in the URL which, in our example, happens to be apdfllckaahabafndbhieahigkjlhalf;
- Insert it in place of the bracketed statement in the following URL:
https://clients2.google.com/service/update2/crx?response=redirect&x=id%3D[Your ID Goes Here]%26uc
; - In our example, the final URL is:
https://clients2.google.com/service/update2/crx?response=redirect&x=id%3Dapdfllckaahabafndbhieahigkjlhalf%26uc
; - Now we must open it in a new tab and save the offered CRX file to a convenient location;
- Unfortunately, the file will not work for us as is, since we are not installing from the Chrome Web Store, so, to work around this problem, we must extract the contents of the CRX file to a folder with an archiver like 7zip;
- Now, we must enable 'developer mode' on the extensions page and load the folder as an unpacked extension.
Provided everything went according to plan, we should have have a working extension.
Alternatively, you can just run Chromium with "--enable-remote-extensions"