I would like to see all "desktop" applications that use Electron listed and how big of a Chromium drift is there, especially how many applications are shipping runtimes with unfixed vulnerabilities.
Cool idea, but without longer-term tracking of how long each browser lags for each Chromium release, it's hard to draw any meaningful conclusions. It's also clear that in the case of major vulnerabilities, vendors would fast-track adoption of the patch.
I would definitely include the fact that "major" versions of Chromium are released every 2 weeks. For instance, Vivaldi is on version 146.0.7680.218 that released this Tuesday [1], only 5 days ago.
This is somewhat useful, but I know for instance that Vivaldi is often one version behind for the sake of stability, but also will also release incremental security updates in the period before major version updates.
The problem is: we all are behind Google. Google sits in the driver seat here.
This is really, really bad ...
Edit: Ok, almost all of us. There are some non-Google browsers such as firefox, but Google dished out money to Mozilla for many years, which made real competition impossible.
A lot of people are stuck with safari on iOS where there's not even another browser since apple bans them.
People choose to download Chrome over firefox, to ditch their custom browser engine (microsoft & opera) in favor of chromium.
We've centralized development effort on a large open source project.
Why exactly is this really really bad?
I find the safari situation bad because I can't use various web standards, it's closed source, etc, but the chromium one doesn't bother me. I just install firefox.
It would be good if Samsung browser were listed. It has about 10% market share of chromium browsers and is on version 136. It sticks to one version for months at a time and then jumps several versions. Going by historical data it's due for another jump soon.
Why is Vivaldi listed as behind when it's on the extended stable branch, which is a maintained branch?
Also, aside from that, it also perpetuates a silly idea that's popular in tech which is that security patches can't be backported or added by someone who forks software.
Like, the founder of Brave is one of the OG Mozilla guys, founder of Vivaldi did Opera, Edge is MS... These aren't dumb teams.
28 comments
[ 1.9 ms ] story [ 32.1 ms ] threadI would definitely include the fact that "major" versions of Chromium are released every 2 weeks. For instance, Vivaldi is on version 146.0.7680.218 that released this Tuesday [1], only 5 days ago.
[1] https://chromium.googlesource.com/chromium/src/+/f97d14f8a0a...
> users are exposed to known, already-patched security vulnerabilities
Then why only focus on major versions? Don't minor versions/revisions have security fixes?
Yet another reminder, lawmakers US/EU/Anywhere else, should force all browsers to actively block fingerprinting.
That won't happen.
A point-in-time view is interesting but it's less useful than a graph over time.
Would be fun to add the version shipped in LG smart TVs (hint: it's ancient)
https://chromium.googlesource.com/chromium/src.git/+/main/do...
This is really, really bad ...
Edit: Ok, almost all of us. There are some non-Google browsers such as firefox, but Google dished out money to Mozilla for many years, which made real competition impossible.
People choose to download Chrome over firefox, to ditch their custom browser engine (microsoft & opera) in favor of chromium.
We've centralized development effort on a large open source project.
Why exactly is this really really bad?
I find the safari situation bad because I can't use various web standards, it's closed source, etc, but the chromium one doesn't bother me. I just install firefox.
Also, aside from that, it also perpetuates a silly idea that's popular in tech which is that security patches can't be backported or added by someone who forks software.
Like, the founder of Brave is one of the OG Mozilla guys, founder of Vivaldi did Opera, Edge is MS... These aren't dumb teams.