Cromite browser was a privacy and security oriented Android browser.
Their latest update was in 21th of May: v148.0.7778.168.
Their commit history also suggest that the browser is slowly being sunset.
To put it into context, the current version of chrome on Android is 150.0.7871.63, released on 30th of June.
Helium browser. Still Chromium but much better then Chrome.
What are the drawbacks to helium?
YSK that every Chromium-based browser is harmful and should be avoided, regardless of how up-to-date it is.
Why? I’m on a chromite fork that comes with e/OS. I also have IronFox. E/OS blocked trackers in both.
It’s not a “privacy for you right now” thing; it’s a “big picture/health of the Web as a whole” thing. I explained already in other replies.
What about GraphenOS’s Vanadium?
As a GrapheneOS user I’m aware of the developers’ arguments for it, but it has the same problem as every other Chromium browser: Google controls the upstream code, so it’s still going to contribute to Google’s harmful hegemony over web standards.
It probably is more “secure” than Firefox, though, measured against the GrapheneOS devs’ threat model. But my problem with Chromium is one they don’t even try to address.
Going with that argument though, isn’t the whole of GrapheneOS then problematic as Google also controls that upstream code?
The rest of GrapheneOS doesn’t influence how web developers design websites, or what fingerprinting and other private information the browser allows sites to steal from users.
It’s not just Manifest V3, either. It’s also the “Web Environment Integrity” API (read: DRM for websites) and “WebMCP” and such. Those are the sorts of monopolistic practices and enshittification you’re supporting and endorsing whenever you use a Chromium-based browser, including Vanadium.
Android and its apps?
Please use it over any <insert any non-chromium browser engine here> browser.
Why? For my threat model? I like having my adbocker in Firefox. I’ll take uBlock blocking ads and trackers every minute of every day over hardening against some exotic exploit I’m never going to encounter.
No, I’m not taking the “why should I care I have nothing to hide” privacy stance, but the XKCD “4096-bit-encryption-pipe-wrench” stance.
GrapheneOS includes our Vanadium subproject providing privacy and security enhanced releases of Chromium. Vanadium is both the user-facing browser included in the OS and the provider of the WebView used by other apps to render web content. The WebView is the browser engine used by nearly all other apps embedding web content or using web technologies for other uses. It’s also used by many minor web browsers not forking Chromium as a whole. These apps using the WebView benefit from a subset of the Vanadium hardening.
Vanadium was previously primarily focused on security hardening but we plan on adding assorted privacy and usability features. In the near future, we plan to add support for always incognito mode, improved state partitioning, backup/restore and many other features.
Chromium-based browsers like Vanadium provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS. Site isolation enforces security boundaries around each site using the sandbox by placing each site into an isolated sandbox. It required a huge overhaul of the browser since it has to enforce these rules on all the IPC APIs. Site isolation is important even without a compromise, due to side channels. Browsers without site isolation are very vulnerable to attacks like Spectre. On mobile, due to the lack of memory available to apps, there are different modes for site isolation. Vanadium turns on strict site isolation, matching Chromium on the desktop, along with strict origin isolation.
Chromium has decent exploit mitigations, unlike the available alternatives. This is improved upon in Vanadium by enabling further mitigations, including those developed upstream but not yet fully enabled due to code size, memory usage or performance. For example, it enables type-based CFI like Chromium on the desktop, uses a stronger SSP configuration, zero initializes variables by default, etc. Some of the mitigations are inherited from the OS itself, which also applies to other browsers, at least if they don’t do things to break them.
We recommend against trying to achieve browser privacy and security through piling on browser extensions and modifications. Most privacy features for browsers are privacy theater without a clear threat model and these features often reduce privacy by aiding fingerprinting and adding more state shared between sites. Every change you make results in you standing out from the crowd and generally provides more ways to track you. Enumerating badness via content filtering is not a viable approach to achieving decent privacy, just as AntiVirus isn’t a viable way to achieving decent security. These are losing battles, and are at best a stopgap reducing exposure while waiting for real privacy and security features.
Vanadium will be following the school of thought where hiding the IP address through Tor or a trusted VPN shared between many users is the essential baseline, with the browser partitioning state based on site and mitigating fingerprinting to avoid that being trivially bypassed. The Tor Browser’s approach is the only one with any real potential, however flawed the current implementation may be. This work is currently in a very early stage and it is largely being implemented upstream with the strongest available implementation of state partitioning. Chromium is using Network Isolation Keys to divide up connection pools, caches and other state based on site and this will be the foundation for privacy. Chromium itself aims to prevent tracking through mechanisms other than cookies, greatly narrowing the scope downstream work needs to cover. The focus is currently on research since we don’t see much benefit in deploying bits and pieces of this before everything is ready to come together. At the moment, the only browser with any semblance of privacy is the Tor Browser but there are many ways to bypass the anti-fingerprinting and state partitioning. The Tor Browser’s security is weak which makes the privacy protection weak. The need to avoid diversity (fingerprinting) creates a monoculture for the most interesting targets. This needs to change, especially since Tor itself makes people into much more of a target (both locally and by the exit nodes).
WebView-based browsers use the hardened Vanadium rendering engine, but they can’t offer as much privacy and control due to being limited to the capabilities supported by the WebView widget. For example, they can’t provide a setting for toggling sensors access because the feature is fairly new and the WebView WebSettings API doesn’t yet include support for it as it does for JavaScript, location, cookies, DOM storage and other older features. For sensors, the Sensors app permission added by GrapheneOS can be toggled off for the browser app as a whole instead. The WebView sandbox also currently runs every instance within the same sandbox and doesn’t support site isolation.
Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox/Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS
isolatedProcessfeature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.Ooh copy pasta! I don’t have time to pick apart every point, but a few notes:
Vanadium was previously primarily focused on security hardening but we plan on adding assorted privacy and usability features. In the near future, we plan to add support for always incognito mode, improved state partitioning, backup/restore and many other features.
This statement dates back to at least 2022. How long do we get to wait for “assorted privacy and usability features”?
Chromium-based browsers like Vanadium provide the strongest sandbox implementation, leagues ahead of the alternatives.
Citation needed.
Worst of all, Firefox does not have internal sandboxing on Android.
A statement that also dates back to at least 2022. Factually untrue as of Release 147 in January, 2026.
Firefox isn’t perfect, and Vanadium is absolutely more secure. I’m genuinely happy it’s the WebView implementation on my phone, and I use it in the rare event FF fails me. But for my use case and threat model, Firefox (with Vanadium WebView) blows Vanadium alone out of the water. uBlock makes every website load 10x faster, and I haven’t seen an advertisement in years.
I would recommend Firefox on Android to everyone I know who isn’t actively being targeted by a three letter agency.
No.
Then you aren’t using the most secure open source browser.
But I am escaping the corporate browser monopoly. I’m good on that.
I’m curious if you own a smartphone and if so, what OS it runs.
Yeah and it’s android. I know the whole spiel you want to give me, can we just not do that? You’re opting back into the Google ecosystem in the name of security, and I don’t choose that. Using Firefox is the only current option I have for avoiding using a browser controlled by Google. I’ve read the arguments about sandboxing and all and I don’t find it a compelling reason to use Google’s software when I can avoid it, particularly something as fundamental as a web browser.
Honestly yeah it’s much more secure, afaik the sandboxing on Firefox and the such is horrible
This used to be true, more specifically, there was no sandboxing on FF Android. Firefox rolled out Fission (sandboxing) for stable earlier this year:
https://discuss.privacyguides.net/t/firefox-finally-rolling-out-fission-on-android/26456/44?page=2
It may not be perfect but it is infinitely better than it was last year.
I came here to joke about my Firefox browser, but I guess it’s not chromium, yay! Any particular phone browsers that you would recommend?
I use Firefox on both my phone and my desktop.
In the least use Fennec or better Ironfox. However Ironfox is breaking some websites occasionally or can be just slow loading pages so I have both installed and use them both.
I used ironFox until recently it started randomly timing out on websites that work fine everywhere else. So I’m back to FF on Android.
FF took privacy out of their policy. At this point, why not just DDG. I also use SearXist, and you can randomize the engine instances used to avoid fingerprinting.
FF took privacy out of their policy
Nope, that was just a really silly context-free git diff that people seized on as if it meant something deep. They edited one piece of documentation to have different wording. Privacy is still very much a part of their branding.
why not just DDG.
Because that is still using the Chrome engine and thus allowing their monopoly to thrive. The literal only thing you can do to slow/stop Google’s stronghold on the web is to use another browser, not based on Chromium.
Waterfox on all devices.
Which Android FF browser is currently considered up to code?
I use Firefox. 🤷♂️
deleted by creator
You’re not my real dad, I can do what I want.
there’s really so few good android browsers…
Whats wrong with firefox?
Nothing except a lot of websites are designed to only work well (or at all) on chrome. I use Firefox 99% of the time but occasionally I have to use a shitty website like that so I switch to ungoogled chrome, or ddg browser on android.
So far I’ve only found one website that doesn’t work when I change the user agent in FF to appear as Chrome. All the rest are just maliciously anti-firefox.
What websites don’t work? I’ve never had an issue with sites on Firefox.
This isn’t uncommon. For a while Ticketmaster didn’t work, as one example.
My national broadcaster doesn’t play videos on either Firefox or Firefox focus unfortunately.
It’s such a small market share these days they just don’t bother to check or fix it.
it’s not that great imo ever since they moved away from fennec (to fenix)
performance wise it’s very laggy compared to chromium. and the UI is terrible… they recently made it even worse too. plus no customization at all, though that’s also lacking for other browsers
waterfox is my favorite. but the next one is probably firefox…











