Just a thought - Thorium as Daily Web Browser

It’s just a thought, my experience with Firedragon. I’ve been using Firedragon since the time it was based on Floorp, but recently I’ve had a few troubles. Nothing earth-shattering, but niggles: some web pages don’t display or refresh incorrectly, web page elements fail to load, and weird views. These can be mostly resolved by tweaking the settings, but a tweak on one setting upsets another setting and so on.
So for the last week I’ve been using un-Googled, Chromium-based Thorium and I’m quite impressed. It loads all the pages and the many bookmarks I have and is very fast. I have the same extensions but it is a much smoother and nicer experience.
So, if you want a change from Firedragon, give Thorium a road test.

1 Like

Its issue is it’s always out of date vs. all other Blink-based browsers, same with his Firefox version. And using the net with something out of date just isn’t recommended.

6 Likes

Hi, I have very critical words of warning about Thorium and related variants. All packages were dropped from Chaotic-AUR a while ago for security reasons. We even went as far as to ensure they were intentionally removed during the update process with a warning. There are routinely very serious 0-day security exploits in browsers, especially Chromium-based ones. This becomes an exponentially bigger concern when developers lag behind pushing security updates.

For a long time there were no updates being pushed, and some particularly nasty exploits were actively being used. For example, the one that pushed us over the edge required no user interaction at all, not even any active content!

This delay is unacceptably dangerous to anyone who wants to use the browser. Considering how many updates have happened since FEBRUARY and how many vulnerabilities are active at this moment, I very very very strongly recommend you to not use it at all. The same situation is playing out as it did before by neglecting patches the last 4 months.

Context:


Currently unpatched exploits affecting users:

CVE-2025-5419

CNA: Chrome

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security…

CVE-2025-5283

CNA: Chrome

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-5281

CNA: Chrome

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-5280

CNA: Chrome

Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-5068

CNA: Chrome

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-5067

CNA: Chrome

Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-5066

CNA: Chrome

Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing…

CVE-2025-5065

CNA: Chrome

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-5064

CNA: Chrome

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-5063

CNA: Chrome

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-48883

CNA: GitHub (maintainer security advisories)

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS…

CVE-2025-47181

CNA: Microsoft Corporation

Improper link resolution before file access (‘link following’) in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

CVE-2025-4664

CNA: Chrome

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVE-2025-4372

CNA: Chrome

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-4096

CNA: Chrome

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-4052

CNA: Chrome

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via…

CVE-2025-4051

CNA: Chrome

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control…

CVE-2025-4050

CNA: Chrome

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit…

CVE-2025-3620

CNA: Chrome

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-3619

CNA: Chrome

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…

CVE-2025-3074

CNA: Chrome

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-3073

CNA: Chrome

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a…

CVE-2025-3072

CNA: Chrome

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via…

CVE-2025-3071

CNA: Chrome

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via…

CVE-2025-3070

CNA: Chrome

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-3069

CNA: Chrome

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-3068

CNA: Chrome

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-3067

CNA: Chrome

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege…

CVE-2025-3066

CNA: Chrome

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-30360

CNA: GitHub (maintainer security advisories)

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users’ source code may be stolen when you access a malicious…

CVE-2025-29834

CNA: Microsoft Corporation

Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-29825

CNA: Microsoft Corporation

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-29815

CNA: Microsoft Corporation

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

CVE-2025-29806

CNA: Microsoft Corporation

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-29795

CNA: Microsoft Corporation

Improper link resolution before file access (‘link following’) in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

CVE-2025-2783

CNA: Chrome

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium…

CVE-2025-26643

CNA: Microsoft Corporation

The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-25001

CNA: Microsoft Corporation

Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-25000

CNA: Microsoft Corporation

Access of resource using incompatible type (‘type confusion’) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2025-2476

CNA: Chrome

Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2025-21688

CNA: kernel.org

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to…

CVE-2025-21408

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2025-21404

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2025-21401

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2025-21399

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

CVE-2025-2137

CNA: Chrome

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security…

CVE-2025-2136

CNA: Chrome

Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-2135

CNA: Chrome

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-21342

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2025-21283

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2025-21279

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2025-21267

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2025-21262

CNA: Microsoft Corporation

User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network

CVE-2025-21185

CNA: Microsoft Corporation

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2025-1923

CNA: Chrome

Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted…

CVE-2025-1922

CNA: Chrome

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing…

CVE-2025-1921

CNA: Chrome

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-1920

CNA: Chrome

Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-1919

CNA: Chrome

Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium…

CVE-2025-1918

CNA: Chrome

Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium…

CVE-2025-1917

CNA: Chrome

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-1916

CNA: Chrome

Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a…

CVE-2025-1915

CNA: Chrome

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious…

CVE-2025-1914

CNA: Chrome

Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security…

CVE-2025-1426

CNA: Chrome

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…

CVE-2025-1006

CNA: Chrome

Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)

CVE-2025-0999

CNA: Chrome

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0997

CNA: Chrome

Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

CVE-2025-0996

CNA: Chrome

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML…

CVE-2025-0995

CNA: Chrome

Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0862

CNA: Wordfence

The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient…

CVE-2025-0762

CNA: Chrome

Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE-2025-0612

CNA: Chrome

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…

CVE-2025-0611

CNA: Chrome

Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0451

CNA: Chrome

Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via…

CVE-2025-0448

CNA: Chrome

Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-0447

CNA: Chrome

Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-0446

CNA: Chrome

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a…

CVE-2025-0445

CNA: Chrome

Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0444

CNA: Chrome

Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0443

CNA: Chrome

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via…

CVE-2025-0442

CNA: Chrome

Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a…

CVE-2025-0441

CNA: Chrome

Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security…

CVE-2025-0440

CNA: Chrome

Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-0439

CNA: Chrome

Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted…

CVE-2025-0438

CNA: Chrome

Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0437

CNA: Chrome

Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0436

CNA: Chrome

Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0435

CNA: Chrome

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0434

CNA: Chrome

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…

CVE-2025-0291

CNA: Chrome

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

12 Likes
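The list in the post above can be turned into a quick exposure check. The following is an added example, not part of any post in this thread: it parses the "prior to" version out of a few entries copied verbatim from that list and reports which ones a given Chromium base version has not reached. The base version passed in is a constructed sample, and the check assumes the fork backports nothing beyond its base version, so it is an upper bound on exposure.

```python
import re

# Entries copied verbatim from the CVE list in the post above (truncation kept).
ADVISORIES = [
    ("CVE-2025-5419", "Out of bounds read and write in V8 in Google Chrome prior to "
     "137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption "
     "via a crafted HTML page. (Chromium security…"),
    ("CVE-2025-4664", "Insufficient policy enforcement in Loader in Google Chrome prior "
     "to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a "
     "crafted HTML page. (Chromium security severity: High)"),
    ("CVE-2025-3068", "Inappropriate implementation in Intents in Google Chrome on "
     "Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege "
     "escalation via a crafted HTML page. (Chromium security severity: Medium)"),
    ("CVE-2025-0291", "Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 "
     "allowed a remote attacker to execute arbitrary code inside a sandbox via a "
     "crafted HTML page. (Chromium security severity: High)"),
    ("CVE-2025-29834", "Out-of-bounds read in Microsoft Edge (Chromium-based) allows "
     "an unauthorized attacker to execute code over a network."),
]

# "in Google Chrome [on <platform>] prior to <4-part version>"
FIXED_IN = re.compile(r"in Google Chrome(?: on (\w+))? prior to (\d+(?:\.\d+){3})")
SEVERITY = re.compile(r"Chromium security severity: (\w+)")


def parse_version(text):
    """Turn '137.0.7151.68' into (137, 0, 7151, 68) so tuples compare numerically."""
    return tuple(int(part) for part in text.split("."))


def parse_advisory(cve_id, description):
    """Extract platform, fixed-in version and severity; None if no Chrome version is named."""
    match = FIXED_IN.search(description)
    if match is None:
        return None  # e.g. Edge or third-party entries carry no Chrome version
    severity = SEVERITY.search(description)
    return {
        "id": cve_id,
        "platform": match.group(1),  # None means every platform
        "fixed_in": match.group(2),
        "severity": severity.group(1) if severity else "unknown",
    }


def unpatched(base_version, platform="Linux", advisories=ADVISORIES):
    """Return advisories whose fix landed after base_version on this platform."""
    installed = parse_version(base_version)
    hits = []
    for cve_id, description in advisories:
        adv = parse_advisory(cve_id, description)
        if adv is None or adv["platform"] not in (None, platform):
            continue
        if installed < parse_version(adv["fixed_in"]):
            hits.append(adv)
    return hits


if __name__ == "__main__":
    # Constructed sample base version, not a statement about any real build.
    for adv in unpatched("130.0.6723.174"):
        print(f'{adv["id"]}: fixed in {adv["fixed_in"]} (severity {adv["severity"]})')
```

The base version to feed in is the Chromium version the fork reports on its `chrome://version` page.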

Well, that’s me told.
I’ll just crawl back under my rock.
Delete the whole thing if you don’t like it.

Certainly not! The intent is not to be mean in any way, just to inform of some active dangers. Sorry if it was phrased roughly–I’m just concerned for people to browse safely. There are certainly others who want to test a non-Firefox-based browser too, and there’s nothing wrong with that :slight_smile:

10 Likes

I mark it solved :smiley:

4 Likes

The most striking thing about Thorium was the at some point embedded Furry porn. Hahaha. If I remember correctly the dev claimed having it added accidentally or something like that. I don’t recall a lot of it. But I remember this was a thing :rofl:

Just an idea, might check out FireDragon 12 builds to see whether these are still a thing. Since it’s the most current Firefox it might have changed :grimacing:

6 Likes

So naive am I, I had to Google, in Thorium, Furry Porn, Hmmmmmm.

@dr460nf1r3
Can you point me in the direction of FireDragon 12 please.
Found it.

That looks complicated… I’ll stick with the Furry P for now.
