Cromite browser was a privacy and security oriented Android browser.
Their latest update was in 21th of May: v148.0.7778.168.
Their commit history also suggest that the browser is slowly being sunset.
To put it into context, the current version of chrome on Android is 150.0.7871.63, released on 30th of June.


Please use it over any <insert any non-chromium browser engine here> browser.
Why? For my threat model? I like having my adbocker in Firefox. I’ll take uBlock blocking ads and trackers every minute of every day over hardening against some exotic exploit I’m never going to encounter.
No, I’m not taking the “why should I care I have nothing to hide” privacy stance, but the XKCD “4096-bit-encryption-pipe-wrench” stance.
GrapheneOS includes our Vanadium subproject providing privacy and security enhanced releases of Chromium. Vanadium is both the user-facing browser included in the OS and the provider of the WebView used by other apps to render web content. The WebView is the browser engine used by nearly all other apps embedding web content or using web technologies for other uses. It’s also used by many minor web browsers not forking Chromium as a whole. These apps using the WebView benefit from a subset of the Vanadium hardening.
Vanadium was previously primarily focused on security hardening but we plan on adding assorted privacy and usability features. In the near future, we plan to add support for always incognito mode, improved state partitioning, backup/restore and many other features.
Chromium-based browsers like Vanadium provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS. Site isolation enforces security boundaries around each site using the sandbox by placing each site into an isolated sandbox. It required a huge overhaul of the browser since it has to enforce these rules on all the IPC APIs. Site isolation is important even without a compromise, due to side channels. Browsers without site isolation are very vulnerable to attacks like Spectre. On mobile, due to the lack of memory available to apps, there are different modes for site isolation. Vanadium turns on strict site isolation, matching Chromium on the desktop, along with strict origin isolation.
Chromium has decent exploit mitigations, unlike the available alternatives. This is improved upon in Vanadium by enabling further mitigations, including those developed upstream but not yet fully enabled due to code size, memory usage or performance. For example, it enables type-based CFI like Chromium on the desktop, uses a stronger SSP configuration, zero initializes variables by default, etc. Some of the mitigations are inherited from the OS itself, which also applies to other browsers, at least if they don’t do things to break them.
We recommend against trying to achieve browser privacy and security through piling on browser extensions and modifications. Most privacy features for browsers are privacy theater without a clear threat model and these features often reduce privacy by aiding fingerprinting and adding more state shared between sites. Every change you make results in you standing out from the crowd and generally provides more ways to track you. Enumerating badness via content filtering is not a viable approach to achieving decent privacy, just as AntiVirus isn’t a viable way to achieving decent security. These are losing battles, and are at best a stopgap reducing exposure while waiting for real privacy and security features.
Vanadium will be following the school of thought where hiding the IP address through Tor or a trusted VPN shared between many users is the essential baseline, with the browser partitioning state based on site and mitigating fingerprinting to avoid that being trivially bypassed. The Tor Browser’s approach is the only one with any real potential, however flawed the current implementation may be. This work is currently in a very early stage and it is largely being implemented upstream with the strongest available implementation of state partitioning. Chromium is using Network Isolation Keys to divide up connection pools, caches and other state based on site and this will be the foundation for privacy. Chromium itself aims to prevent tracking through mechanisms other than cookies, greatly narrowing the scope downstream work needs to cover. The focus is currently on research since we don’t see much benefit in deploying bits and pieces of this before everything is ready to come together. At the moment, the only browser with any semblance of privacy is the Tor Browser but there are many ways to bypass the anti-fingerprinting and state partitioning. The Tor Browser’s security is weak which makes the privacy protection weak. The need to avoid diversity (fingerprinting) creates a monoculture for the most interesting targets. This needs to change, especially since Tor itself makes people into much more of a target (both locally and by the exit nodes).
WebView-based browsers use the hardened Vanadium rendering engine, but they can’t offer as much privacy and control due to being limited to the capabilities supported by the WebView widget. For example, they can’t provide a setting for toggling sensors access because the feature is fairly new and the WebView WebSettings API doesn’t yet include support for it as it does for JavaScript, location, cookies, DOM storage and other older features. For sensors, the Sensors app permission added by GrapheneOS can be toggled off for the browser app as a whole instead. The WebView sandbox also currently runs every instance within the same sandbox and doesn’t support site isolation.
Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox/Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS
isolatedProcessfeature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.Ooh copy pasta! I don’t have time to pick apart every point, but a few notes:
This statement dates back to at least 2022. How long do we get to wait for “assorted privacy and usability features”?
Citation needed.
A statement that also dates back to at least 2022. Factually untrue as of Release 147 in January, 2026.
Firefox isn’t perfect, and Vanadium is absolutely more secure. I’m genuinely happy it’s the WebView implementation on my phone, and I use it in the rare event FF fails me. But for my use case and threat model, Firefox (with Vanadium WebView) blows Vanadium alone out of the water. uBlock makes every website load 10x faster, and I haven’t seen an advertisement in years.
I would recommend Firefox on Android to everyone I know who isn’t actively being targeted by a three letter agency.
No.
Then you aren’t using the most secure open source browser.
But I am escaping the corporate browser monopoly. I’m good on that.
I’m curious if you own a smartphone and if so, what OS it runs.
Yeah and it’s android. I know the whole spiel you want to give me, can we just not do that? You’re opting back into the Google ecosystem in the name of security, and I don’t choose that. Using Firefox is the only current option I have for avoiding using a browser controlled by Google. I’ve read the arguments about sandboxing and all and I don’t find it a compelling reason to use Google’s software when I can avoid it, particularly something as fundamental as a web browser.
I can definitely opt to not give you the “Android is made by Google” spiel.
Thanks, and yes, I’m aware. If I could use a linux phone I definitely would and I plan to in the future once they’re more developed.
Honestly yeah it’s much more secure, afaik the sandboxing on Firefox and the such is horrible
This used to be true, more specifically, there was no sandboxing on FF Android. Firefox rolled out Fission (sandboxing) for stable earlier this year:
https://discuss.privacyguides.net/t/firefox-finally-rolling-out-fission-on-android/26456/44?page=2
It may not be perfect but it is infinitely better than it was last year.