Ask HN: Is Firefox better than Chrome when it comes to user security?
Is it actually meaningfully safer for a user to use Firefox over Chrome?
It feels like Chrome being made by Google can employ more folks, respond to 0-days, with integrations for Google accounts, it provides a decent password management experience, passkeys, etc.
I understand folks have concerns with Google as a company, but ignoring that would the average user be safer using Chrome?
98 comments
[ 3.0 ms ] story [ 169 ms ] threadThe main consideration is chance of zero days. Anyone knows?
1. CVE Chrome vulnerabilities: 3415 (https://www.cvedetails.com/product/15031/Google-Chrome.html)
2. CVE Firefox vulnerabilities: 2622 (https://www.cvedetails.com/product/3264/Mozilla-Firefox.html)
I would say other things like tracking for example poses a higher security risk and for that reason makes Firefox the safer choice. But you have other browsers that builds on their engines like Librewolf and similar that are even safer.
And since “private” and “secure” are correlated…
About security: Chrome has a biggest workforce, yes. but let's think about this a bit...
First, let's not forget that chrome is also a bigger target.
let's imagine this: Consider that 90% of the users worldwide use chromium-based browsers, and you are an hacker who wants to steal peoples data or access their computers.
Would you bother targeting 10% of the users. Or would you just go after those 90%???
now add another detail into that thinking:
people who use Firefox are mostly techies, people who know about computers, gnu/linux users, developers, more security-conscientious users, people who actually know and care about the tech that goes bellow, people that knows what's happening in the IT world, and people that simple don't go with the flock without studding it's path first... now... would you really bother targeting those when you have 90% of people - where probably 85% don't know anything about computers or just don't give a #$%& about it???
Would you go easy bait, or would you try to outsmart those who might be at the same level you are???
(sure, there is always exceptions!!!)
but then again... maybe that's just me...
I'm not sure i agree with all you said.
Servers: mostly are not on x86. Also they are a lot more difficult to exploit due to the security nature of linux (yes, they go down very often and nothing is unhackable)
developers, sysadmins: tend to have the hardest configs and thus making it a lot more difficult to hack.
So, afaik, most of the hacks on this areas are more due to human flaws than the systems per se.
Now, i do agree that for a group of hackers with profound knowledge and that is trying to hit really big, servers are more attractive. devs and sysadms alone/personally not that much! ... unless ... they are targeting the servers managed by those devs and sysadms and in this case, targeting the devs and sysadms personally make more sense - which tend to be one of the best/easiest ways to hack the servers - again, exploiting human flaw instead of system flaw)
naturally, this is my personal view! I may be wrong here!
Let's agree that we disagree. I'll just say that I work for a cloud provider and non-x86 servers are anecdotal :) but their media presence is not, as it's the new hot thing and that's free advertising.
> developers, sysadmins: tend to have the hardest configs and thus making it a lot more difficult to hack.
yet those people have a cognitive bias of "i'm too smart to fall". and those people will have some practices that are so detrimental to security it's laughable. how many developers will shutdown their laptop every day after work? compare this to the common practice of "just go to sleep" which will prevent browser updates, system updates, kernel updates, you name it. take a firefox that is months old with an unpatched ubuntu and you get the idea ground for a browser escape combined with an lpe. and even without lpe you'll grab many many credentials.
imho those still are harder to trick, but not because the config is hardened, but because there is a config at all. for example a phishing that imitates a floating browser window with a fake login page would not work on me. not because i'm smart, not because my config is hardened or whatnot, but because good luck to the scam for finding the specific window decorations I have on my linux system. oh, and the fact that I use a tiling wm and thus floating windows don't exist. it's a side effect of nerds being nerds.
> So, afaik, most of the hacks on this areas are more due to human flaws than the systems per se.
This is not incompatible. "normies" will get tricked in downloading invoice.pdf.exe, but that's windows only. The payout for invoice.pdf.sh or whatever may be very high, but you need your rat or stealer or whatever to know linux.
> unless ... they are targeting the servers managed by those devs and sysadms
That was the precise reason I talked about devs and sysadmins. Infrastructure credentials, aws keys, you name it.
And as a dev/sysadmin, you don't need targeted attacks to get pwned. A malicious package on npm/gems/cargo is all it takes. It's a spray and pray strategy, but if you catch even a handful of people this way it might be the jackpot.
Some progress is made though...
Brave: https://brave.com
Thorium: https://github.com/Alex313031/thorium
Specially Brave (within the Chromium-spectrum only) is probably one of the best choices (if we ignore some details, of course...)
Still, i actually have more faith in servo: https://servo.org
Together with RedoxOS, COSMIC EPIC, and coreutils in Rust -- the future holds such great potential :)
But i still prefer Genode/Sculpt + seL4 (https://genode.org)
they are doing amazing work there!!! If only they had a nice GUI (say... LXQt, for example)
They take privacy and security seriously but then they have all this "extras" (ads, cryptocoins, rewards and a bunch of other things i don't like...)
All in all, i would say it's probably the best within the Chromium-based browsers, but i still don't use it!
Even more: if they could create something that targets both platforms that will be even better...
The question will always be of Work Vs Gain. Will your work result in gain. Does it justify targeting those 10%? (if it's an "easy thing to do" then we'll all get targeted)
Firefox with its default settings is both less private and less secure than Brave. On iOS, Firefox has refused for years to implement an adblocker.
It’s best to say nothing if you don’t know what you’re talking about.
I also don't like to go with the flock...
and... how cares about the defaults? You have the options you should care to configure things for yourself. if you don't know how you should search and instruct yourself to do it.
About iOS... Have you even considered that Apple has forced their rendering engine ( https://gprivate.com/6btxx ) and that alone makes it impossible to have an adblocker - yeah... apple is THAT great!!! (in fact, their products are the best of the best. You should keep using them...)
but then again... i don't know what i'm talking about, do I!!!
(also... you should learn how to be polite to others!!!)
Given that, telling you to be quiet is about as polite as it gets.
> On iOS, Firefox has refused for years to implement an adblocker.
Blame Apple.
These days ads are an attack vector. I’d never let my parents browse the web without a blocker.
Blame Mozilla. Most iOS browsers have built-in adblocking.
But aside from that recent exception, no one ever had anything except Safari on iOS, even if they thought otherwise.
You should really do your research.
You haven't been blocking them, because iOS with Safari didn't allow that.
Hiding, and blocking, are not the same thing. The former is far less secure than the latter.
As for blocking ads on iOS with Brave, well, it really doesn't work that well[0]. Why? Because iOS doesn't let you block ads, unless you are in the EU and on 17.4 or later.
You should exit the RDF and really do at least a bare minimum of research.
[0] https://community.brave.com/t/is-brave-even-blocking-ads-on-...
You really should read links you post.
Brave even has an option where you can choose to do:
- “aggressive” blocking (will refuse to connect to ad domains)
-“standard” blocking (will connect but block, to prevent breakage)
I will stop responding now because I’ve corrected you multiple times and you refuse to listen.
You're being fooled by marketing.
Just because Brave calls it blocking, doesn't mean it is blocking.
Again, just do some god-damn research. Really, the bare minimum. It isn't news to anyone educated on this stuff that Apple has never* allowed proper ad blocking until recently in the EU.
But, believe whatever you want. I get being too scared to leave that ever so comfy RDF you found yourself in.
Well, I tried.
cough* safe browsing cough*. /s
Enabled by default.
Is this not the case / am I misunderstanding something?
Ref: https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-...
Most of cyber-criminals however, will target Chrome because it's way more used.
In term of control the password manager of firefox don't need you to have an account. That is very important because, you want to use a password manager on the web and to be able to actually trust it. Google can close you account without previous notice.
I was using Google Workspace for my family, then realised that if Google decided to nuke my account I would lose so much, and migrated away from Google's services to individual ones instead. Fastmail for mail, Tresorit/Dropbox for cloud storage, iCloud (with backup) for photos, etc.
Sure, you're still at risk if a company nukes an account but you'd not lose your whole online life.
I don't think 0-day will be wasted on targeting random nobody.
To be more secure, only way is to reduce surface area. Someone like journalist should disable JS/cookies, all plugins and extensions and preferably browse through a locked down VM. Don't know if there is any minimal browser that has actively removed features.
But Firefox seems to have much better security when it comes to reviewing extensions. Some popular extensions go through approval and source code review on every release.
Chrome Play store does not seems to have that. Google incentive even goes against something like UBlock. If extension gets sold, or developer account compromised, we may get widely distributed malware!
It also worth to mention that Firefox is built with Rust, and Chrome mostly C/C++.
Each page runs in separate memory space. Chrome had this from the begging for more than a decade, Firefox added very recently https://portswigger.net/daily-swig/firefox-debuts-improved-p...
So I wonder how much unnecessary information people using Chrome leak to those sites and the third parties that receive, log and possibly sell those data.
For Firefox, you have to worry about the next "pocket", or the next "Mr. Robot"...
Manifest v3 is looming as well.
Six of one, half a dozen of the other. /shrug
¯\_(ツ)_/¯
My experience is that security is a function of simplicity and individuals having a complete understanding of the code and implications of changes.
Implications:
- A smaller team will generally lead to more secure software than a larger team.
- Many security layers are counterproductive.
In studies, bugs per KLOC are relatively consistent. A 100-line program can be fully auditable. One with a JIT in a virtual machine in a sandbox looks, on paper, more secure. In practice:
- There are many more places to introduce bugs.
- Beyond some level of complexity, it's impossible to understand the security model holistically.
- Bugs often cut across layers
- Layers are often used as an excuse ("We'll leave this, since that other layer will catch it).
Layers can be okay if they're well-understood, analyzed, and well-documented (e.g. postfix). However, the vast majority of the time, they're not. People pointing to bigger workforce or sandboxes in Chrome aren't selling me. It only takes one idiot.... And for sandboxes? I've never seen a clean block diagram of the Chrome security model.
To be clear: I'm not arguing which browser is more secure -- simply that the arguments in this thread don't sell me.
I don't think this is controversial at all. For example: I keep using uMatrix to block (by default) or allow scripts, frames and XHR because it's orders of magnitudes simpler to use than the way the same developer added that functionality to uBlock Origin. I still use uBO to block ads and hide unwanted elements from the DOM. It's the difference between writing [pick your favorite high level language] and machine code. If all I had was uBO I would let those scripts run.
What you say is well documented and you made a reasonable comment!
The bigger the software, the more likely it is to be exploited...
Where is this part documented? I've read that security is best done as a layered approach
i don't have any example over this part. Maybe the OP has...
Still, a layered approach is great "on paper" (and probably the best actual solution we have atm), but it is only great in practice if it's well coded and the op is right that in lots of cases there are numerous flaws.
yes, you have failsafes on the layer bellow, but then again... it's just another "challenge" to find the flaw...
If we have a simple and effective code (à lá unix: do one thing, do it well), that has the possibility of becoming more effective that "flawed layers".
yeah... we can have multiple - simple - layers... but again... that will also raise the possibility of unforeseen flaws...
all in all: it's always a double-edged sword...
you're right and the op is right XP
(unless the layered approach is actually really really well coded!!! That's the ideal... but not many can do it!!! - i surely can't ahahah)
My experience is that only helps if each layer is carefully designed and analyzed at a level impractical for most real-world systems.
In most cases, unless you're designing Unix from the ground up, the better approach is KISS.
That aside, what you are asking is really just you giving your personal preference of a browser and if we agree.
Multiple confirmations from reputable sources, including former and current Googlers, have verified the authenticity of this leak. It's not a hoax or a joke but a genuine breach of information that has piqued the interest of all SEO researchers. Here's a reliable summary of the findings:
– Google has allowlists of manually optimized sites, at least for certain topics, such as the 2020 elections or COVID-19.
– Domain names and subdomains are significant factors (despite Google's previous claims).
– There's a sandbox for new sites, which Google has always denied.
– Google directly uses data from EWOK (a system where paid users rate the quality of search results).
– User behavior on sites is actively used for ranking.
– Click data is collected not only from Google Analytics but also directly from the Chrome browser.
– Sites are categorized based on click volume, affecting their quality ranking and PageRank contribution.
– Google considers the overall brand size, including mentions across the internet, not just links.
– Content and links are secondary to clicks and site navigation behavior.
– SEO is almost irrelevant for most small companies and sites without a brand, user base, and reputation.
This is a monumental event in the world of Google Search, marking the most significant leak in the past 10-15 years. It suggests a potential discrepancy between Google's public statements and its actual search practices [3]. The strategy has shifted towards clickbait and bot farms, challenging the long-standing belief that 'content is king.' Unsurprisingly, Google has chosen to remain silent [4]. I recommend reading this article on iPullRank [5] for a more comprehensive understanding.
If you want to stop giving all your data to Google, consider using a non-chrome browser like Firefox.
[1] https://github.com/googleapis/elixir-google-api/commit/078b4...
[2] https://sparktoro.com/blog/an-anonymous-source-shared-thousa...
[3] https://www.seroundtable.com/google-chrome-search-usage-1561...
[4] https://www.theverge.com/2024/5/28/24166177/google-search-ra...
[5] https://ipullrank.com/google-algo-leak
Chrome is much more secure against browser exploits than Firefox. It is perhaps the most advanced piece of security software in the world.
Firefox is a lot more private than Chrome, given that Chrome is chock full of Google surveillance.
Ungoogled Chromium is the best of both worlds, but only if you manually build and update on a near-daily basis.
Note that most people’s advice on this topic is a non-expert, non-informed opinion. Browser choice is a pretty tribalistic, identity-tied thing. It’s like asking people “which is more secure, android or ios?”. (The answer is iOS by a mile, but most “security” types won’t give that answer because they don’t like it. Same goes with Chrome/Firefox.)
Also, doesn't Firefox also have a decent password management function?
You are so unlikely to get exploited by a browser vulnerability (if you update) that it's not worth writing about. The people powerful/rich enough have or can acquire an exploit for both.
The choice of browsers is more about what features you want and whether you want a browser engine monopoly or not. Firefox has a few features I like not present in chromium and it's also not part of the monopoly so I use it.
Integrations for Google accounts can be seen as a privacy violation. Google doesn’t need to know what other services I am using.
Google’s password manager still has my passwords saved after disabling the feature AND manually “deleting” each one individually. Do not trust them with your passwords.
Firefox security has improved significantly in the last decade, it was pretty terrible back then. "Electrolysis" and "Quantum" certainly helped.
But, I tend to thing on OpenBSD both chrome and Firefox is more secure than other systems because those are patched with pledge and unveil. So most of the system does not exist for them.