Thorium, a lightweight fork of Chromium

I learned about Thorium, which applies compiler optimizations and similar techniques to Chromium to achieve an 8 to 38% performance improvement over stock Chromium.

There are many subprojects, including Thorium builds for various environments, ThoriumOS, and Codium.

I have hopes that it might improve battery life on mobile devices and run more lightly on older devices.

Installation

This time I installed it on a Debian sid amd64 environment. A .deb repository is provided, so I used that.

$ sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list
$ sudo apt update
$ sudo apt install thorium-browser
$ thorium-browser --version
Thorium 124.0.6367.218 stable, built on Ubuntu


Launching

Once launched, it looks like Chromium. It works normally, and Chrome extensions can be used as well. Google account sync is also possible.
So the usability is no different from Chromium.

However, after using it for a while, no updates have come down. It is not keeping up with Chromium, which leaves me uneasy about security.

Looking at the Chromium changelog, there are lots of security fixes, including ones with urgency=high.
$ zcat /usr/share/doc/chromium/changelog.Debian.gz | head -192 | grep CVE
    - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6291: Use after free in Swiftshader.
    - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee
    - CVE-2024-6101: Inappropriate implementation in WebAssembly.
    - CVE-2024-6102: Out of bounds memory access in Dawn.
    - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5830: Type Confusion in V8.
    - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
    - CVE-2024-5834: Inappropriate implementation in Dawn.
    - CVE-2024-5835: Heap buffer overflow in Tab Groups.
    - CVE-2024-5836: Inappropriate Implementation in DevTools.
    - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
    - CVE-2024-5838: Type Confusion in V8.
    - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
    - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
    - CVE-2024-5841: Use after free in V8.
    - CVE-2024-5842: Use after free in Browser UI.
    - CVE-2024-5843: Inappropriate implementation in Downloads.
    - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
    - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
    - CVE-2024-5846: Use after free in PDFium.
    - CVE-2024-5847: Use after free in PDFium.
    - CVE-2024-5493: Heap buffer overflow in WebRTC.
    - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5496: Use after free in Media Session.
    - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
    - CVE-2024-5498: Use after free in Presentation API.
    - CVE-2024-5499: Out of bounds write in Streams API.
    - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of
    - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
    - CVE-2024-5158: Type Confusion in V8.
    - CVE-2024-5159: Heap buffer overflow in ANGLE.
    - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
    - CVE-2024-4947: Type Confusion in V8. Reported by Vasily
    - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-4949: Use after free in V8.
    - CVE-2024-4950: Inappropriate implementation in Downloads.

So I think I will not use it in my main environment.
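
The changelog check above cuts the file by hand with `head -192`. As an added example (not part of the original post), the function below prints only the CVE IDs that a Debian changelog lists in entries newer than a given version. The function names and the sample changelog are constructed, and it assumes the fork's version number is directly comparable to the Chromium package's upstream version.

```shell
# Added example. Prints the CVE IDs a Debian changelog (stdin) records in
# entries whose upstream version is newer than BASE ($1).
cves_newer_than() {
    awk -v base="$1" '
    # Numeric, field-by-field comparison of dotted versions: is a > b?
    function newer(a, b,    x, y, n, m, i) {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++)
            if ((x[i] + 0) != (y[i] + 0)) return ((x[i] + 0) > (y[i] + 0))
        return 0
    }
    # Entry header: "package (version) distribution; urgency=level"
    /^[a-z0-9][a-z0-9+.-]* \(/ {
        v = $2
        gsub(/[()]/, "", v)
        sub(/^[0-9]+:/, "", v)   # drop the epoch, if any
        sub(/-[^-]*$/, "", v)    # drop the Debian revision
        keep = newer(v, base)
        next
    }
    keep && match($0, /CVE-[0-9]+-[0-9]+/) {
        id = substr($0, RSTART, RLENGTH)
        if (!(id in seen)) { seen[id] = 1; print id }
    }'
}

# Constructed changelog; the CVE IDs and the 125.x versions are placeholders.
sample_changelog() {
    cat <<'EOF'
chromium (125.0.0.2-1) unstable; urgency=high

  * New upstream security release.
    - CVE-0000-0003: Constructed entry.

chromium (125.0.0.1-1~deb12u1) unstable; urgency=high

  * New upstream security release.
    - CVE-0000-0002: Constructed entry.
    - CVE-0000-0003: Constructed repeat of an ID listed above.

chromium (124.0.6367.218-1) unstable; urgency=high

  * New upstream security release.
    - CVE-0000-0001: Constructed entry at the base version.
EOF
}

# 124.0.6367.218 is the Thorium version reported in the install step.
sample_changelog | cves_newer_than 124.0.6367.218
```

On a real system, pipe `zcat /usr/share/doc/chromium/changelog.Debian.gz` into the function and pass the version reported by `thorium-browser --version`.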
