Chromium Version vis a vis security

Hello all…this is my first post, and I have a question. If it has already been answered, I apologize in advance.

The Chromium version on which Dragon is based is currently version 4.1.249.1044. This appears to have been released by Google in the March 23rd - March 30th time frame.

A couple of questions…

  1. Since the older version of Chromium has numerous bugs/vulnerabilities that have now been fixed, how can Comodo claim to be safer than Chrome? I’m not being snide; I’m trying to ask a reasonable question.

  2. Comodo seems to be making very steady progress with versions (and should thus make SRWare Iron obsolete, from what I can see) how long before you catch up with Chromium?

I love the Dragon concept, b/c I like Chrome. But I prefer Dragon b/c it takes out much of the issues of Google’s making. But browsing the web with 2 month old holes doesm’t seem advisable either. I use Secunia to keep all software on my computer up to date; how could I use Dragon if I know I’ve got gaping holes just waiting to be exploited?

Thanks for your help!

Brian

how can Comodo claim to be safer than Chrome?
While it like SRWiron, I guess the most noticable feature is it's verification engine http://www.vengine.com/ <----if your curious on what it does

While it’s stlll new, I’m gussing chromium (just guessing) is concentrating on it’s features while the comodo dragon is concentrating on making it more secure browser

OK, but let’s not forget the speed. I would like CD improves the speed of Chromium.

I understand the concept of the verification engine, and I think it’s laudable. However, for most people that are security inclined enough to look at Chrome, much less Dragon, I think it’s unlikely that we’re throwing our credit cards out there on every single site that pops up. Most of us have a good idea of where to do our shopping. On the other hand, drive by exploits through browsers and/or the applications that run therein are another beast altogether. Some of these can show up on very legitimate websites and require NO user interaction. So if Dragon tells me of a few websites whose certificates are less than top notch, BUT allows a rootkit to be dropped onto my computer and thus allow my banking/personal info to be phoned out to criminals…again, what use is Dragon for all it’s security acumen if the fundamental building foundation (namely Chromium) has already had known vulnerabilities patched? If Dragon is running 2-3 months behind Google, I’m running around on the web with a punctured browser, am I not?

Am I missing something?

You’re missing the fact that Dragon is not Chrome. (It’s Chromium based). Chrome is Google’s implementation of the Chromium Project. Dragon is Comodo’s implementation of the Chromium project as well.

I think you’re just being a little too paranoid.

2-3 months is NOTHING. IE6 is still used by corporations and those that don’t know much. :stuck_out_tongue:

It’s also hard to exploit vulnerabilities in Chromium:

“There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things – you can’t execute on the heap, the OS protections in Windows and the Sandbox.”
http://www.taranfx.com/most-secure-browser

OK…thanks so much for the feedback. I really appreciate it. It is perhaps true that I am a bit paranoid about security, which I find funny coming from a CD user! :wink: :-TU

Maybe it would help me (and hopefully a few others) if someone explained the general development process of Chromium based browsers like Chrome, Dragon, Iron, ChromePlus (I think I’ve seen) etc. etc. Who is writing the underlying code for Chromium? When bugs (such as they are in Chromium) are discovered, where do they get patched…in Chromium? In the specific version based thereon? (Again, Dragon, Chrome etc.) If it’s Chromium, then I guess CD is truly never more than 2-3 months behind that, and with it’s apparently inherent security due to sandboxing, then perhaps you’re right that using CD represents small risks. Most exploits are written for the apps Java and Flash anyways, as well as PDFs.

So, if you can explain the process of how these browsers based on Chromium are developed, it would be very helpful. Thanks again for your help!

OK…so no takers on the question of the development process for Chromium.

I still am not seeing, in it’s current manifestation, how Dragon is more secure than Chrome. I understand that some people use IE6, and they are fools. Hence I am in the Dragon forums with Chrome, Dragon, and Firefox on my computer. Chrome is now my default browser…it took the place of Firefox once it’s extensions really took off.

As Chrome continues it’s march to popularity, it will be attacked more and more frequently. If Google sees fit to issue a release fixing CRITICAL vulnerabilities, think you that Dragon is impervious? Your browser is based on that underlying code! Some of the fixes are issued because of known zero day attacks on a browser in the wild. The longer time goes on, the more attacks will appear.

As far as privacy, Google has made very definite strides in this area as well. They’ve even developed their own extension that prevents the Google Analytics javascript from running.

It seems to me that Dragon is always going to be a few months behind in security fixes, unless of course I’m misunderstanding the process, which I’m unsure of that the moment because no one explained that in response to my last posting.

So, at the moment, I’ll stick with Chrome. Having Dragon tell me that Facebook has an invalid/insufficient https connection is not helpful, and I’m not the sort of idiot to give my personal info over to any old website. Frankly, I’m sure few of you would either. It is FAR more likely that this personal info will be grabbed by malware when Chromium has been hacked and Dragon will not have been patched because it’s based on the underlying hacked code.

If I misunderstand the process, please clarify. If not, then I’m not willing to be a few months behind on my patches. They are far too important. Dragon feels a bit to me like Don Quixote waving a sword at windmills. The real enemies are elsewhere.

Maybe it would help me (and hopefully a few others) if someone explained the general development process of Chromium based browsers like Chrome, Dragon, Iron, ChromePlus (I think I've seen) etc. etc. Who is writing the underlying code for Chromium? When bugs (such as they are in Chromium) are discovered, where do they get patched...in Chromium? In the specific version based thereon? (Again, Dragon, Chrome etc.)
I think no one is answering it because your asking an awfull lot in one post, It kind of discouraging. :-La
So, at the moment, I'll stick with Chrome
Hope you enjoy it :)
I'm not the sort of idiot to give my personal info over to any old website
The internet wouldn't be as problematic, if there were more people like you :-TU

Same concepts apply to Mozilla Gecko based browsers. What are you looking for exactly? The best place for Chromium information is Chromium

Who is writing the underlying code for Chromium?
Mostly Google, but it's community based so a lot of people help write the code. (Same can be said for Mozilla's browsers, community driven, but other companies like Google, Mozilla, RedHat provide much of the code.)
When bugs (such as they are in Chromium) are discovered, where do they get patched...in Chromium? In the specific version based thereon? (Again, Dragon, Chrome etc.)

Patched in Chromium and also patched in the vendor’s browser.

If it's Chromium, then I guess CD is truly never more than 2-3 months behind that
It's not usually that long, but can be that way.
and with it's apparently inherent security due to sandboxing, then perhaps you're right that using CD represents small risks. Most exploits are written for the apps Java and Flash anyways, as well as PDFs.

In the two years or more it has been on the market, Chromium hasn’t suffered much in the ways of other browsers (Safari, IE, Firefox, Opera, etc.) in time, maybe. Who knows. PDF is now native in Chromium. Thankfully we don’t have to use Adobe’s plug-in anymore!