Thorium: Cross-platform patched Chromium fork

jsheard · 2 years ago

The stakes are so high with browser security that it's the last software I'd want to use some random persons fork of, even if they appear to have good intentions. I don't particularly trust Googles intentions but I do at least trust that they have their shit together when it comes to security.

barfbagginus · 2 years ago

Just slurp upstream's security patches, that ain't so bad.

pennybanks · 2 years ago

what would be some security concerns in a situation like this? genuine question

paulryanrogers · 2 years ago

Patches introducing buffer overflows, or weakening existing security through ignorance or negligence.

dcsommer · 2 years ago

Remote code execution + local privilege escalation to own your device. Just last week on the RCE front: https://thehackernews.com/2024/05/new-chrome-zero-day-vulner...

Retr0id · 2 years ago

Chromium likely has plenty of "dormant" bugs - bugs that exist in the source code, but consistently compile to safe (or unreachable) machine code, more or less due to good luck.

This project messes with optimisation flags, which have a good chance of "waking up" those bugs (If you've ever had code work at -O1 but not at -O3, you know what I'm talking about). The same goes for compiler bugs, too. The real Chromium is aggressively fuzz tested, but this project is almost certainly not, or at least, not to the same extent.

Turning on features like JPEG-XL also increases attack surface.

newshackr · 2 years ago

Stealing bank account sessions

add-sub-mul-div · 2 years ago

Surveillance capitalism is built on the ad tech foundation that's primarily facilitated by Google but sure let's give them points for security.

userbinator · 2 years ago

No surprise, first thing I see in the comments section is FUD.

Deleted Comment

Sarkie · 2 years ago

This was flagged by our internal security scans due to some dumb Easter egg the developer added.

Fast or not.

Not a fun email

drwl · 2 years ago

I found the original commit [1] since the other Github link in the thread shows the removal. I'm not entirely sure what the thought process was around adding it to begin with

[1] https://github.com/Alex313031/thorium/commit/26655c920b6a9e4...

edit: the commit link is nsfw

whalesalad · 2 years ago

https://github.com/Alex313031/thorium/commit/9947421f1480bd1...

000ooo000 · 2 years ago

Yeah.. not sure I want my browsing taking place in software authored by someone who does this kind of thing. Gross level of immaturity. Dumb furry joke today, adware tomorrow.

numpad0 · 2 years ago

Found previous HN discussions: https://news.ycombinator.com/item?id=38854932

TLDR:

- project contained a suggestive furry art(no genitals)

- also contained anti-circumcision photo(with genitals)

- that photo may or may not have been reported as CP

Am I just super unlucky, or do furry people have high chances of being super arrogant religious extremists?

Deleted Comment

callalex · 2 years ago

I’m curious what kind of rule set/heuristic this set off? It’s not necessarily a bad alarm but certainly a non-obvious result.

quotemstr · 2 years ago

It's not an easter egg. It's just something needless and inappropriate. I'm all for whimsy and fun and easter eggs, but this is just... crass.

Deleted Comment

dang · 2 years ago

Related. Others?

Thorium Browser: The fastest browser on Earth - https://news.ycombinator.com/item?id=38900191 - Jan 2024 (3 comments)

Thorium – The Fastest Browser on Earth - https://news.ycombinator.com/item?id=38896266 - Jan 2024 (14 comments)

Thorium – The first browser to score over 600 speedometer points on a Mac M3 Pro - https://news.ycombinator.com/item?id=38894920 - Jan 2024 (57 comments)

Thorium – Radioactive Chromium Fork - https://news.ycombinator.com/item?id=38854932 - Jan 2024 (26 comments)

Don't Use Thorium Browser – If Installed, Remove It - https://news.ycombinator.com/item?id=38647363 - Dec 2023 (21 comments)

Thorium – The Fastest Browser on Earth - https://news.ycombinator.com/item?id=37917922 - Oct 2023 (2 comments)

Thorium is the first browser with HEVC and AC3 support even in a mkv container - https://news.ycombinator.com/item?id=36455533 - June 2023 (8 comments)

Show HN: Thorium – The fastest browser on Earth - https://news.ycombinator.com/item?id=31525464 - May 2022 (3 comments)

Outline of benefits of Thorium over vanilla Chromium - https://news.ycombinator.com/item?id=29946310 - Jan 2022 (31 comments)

Retr0id · 2 years ago

"fastest browser on Earth" seems like an editorialized title. What's the source of that claim?

Edit: looks like the post title has since been edited

nateb2022 · 2 years ago

https://thorium.rocks/performance

Ameo · 2 years ago

I ran Thorium for a while on Linux because the claimed performance improvements appealed to me. However, I recently ran some actual modern browser benchmarks and vanilla Chrome performed significantly better in every one I tested. My testing wasn't by any means scientific and there are an enormous number of factors to consider of course.

Maybe it's a quirk of my system, or some recent changes they made to Chrome's build process (LTO, BOLT optimizer, etc.) but yeah I've switched back to plain Chromium.

WorldPeas · 2 years ago

Not to put salt in an old wound but didn't Chris Titus get in hot water after he recommended this, and it was found to contain certain adult images?

DrNosferatu · 2 years ago

Any benchmarks?

nateb2022 · 2 years ago

https://thorium.rocks/performance

mdaniel · 2 years ago

Seems they're really into "windows 7-ing" all the things <https://thorium.rocks/win7>, hacking^W Optimizing!!1 Firefox and VSCodium, too

and FWIW I despise the thinking that leads one to commit ever-changing binary artifacts into git because then $(git clone) turns into a DVD sized download https://github.com/Alex313031/codium/commit/5bd47c17194e8019...