Thorium, a lightweight fork of Chromium

I came across Thorium, a Chromium fork that uses compiler optimizations and similar techniques to achieve an 8 to 38% performance improvement over regular Chromium.

It has many subprojects, including Thorium builds for various environments, ThoriumOS, and Codium.

It raises the hope of better battery life on mobile devices and of a lighter-feeling browser on older hardware.

Installation

This time I installed it on Debian sid amd64. A .deb repository is provided, so I used that.

$ sudo wget --no-hsts -P /etc/apt/sources.list.d/ http://dl.thorium.rocks/debian/dists/stable/thorium.list
$ sudo apt update
$ sudo apt install thorium-browser
$ thorium-browser --version
Thorium 124.0.6367.218 stable, built on Ubuntu

(Screenshot: Thorium's about page)

Launching

Once launched, it looks just like Chromium. It works normally, Chrome extensions can be used, and Google account sync is available as well.
In short, usability is no different from Chromium.

However, after using it for a while, no updates have arrived. It is not keeping up with Chromium, which leaves me uneasy about its security.

Looking at the Chromium changelog, there are plenty of security fixes, including entries marked urgency=high.
$ zcat /usr/share/doc/chromium/changelog.Debian.gz | head -192 | grep CVE
    - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6291: Use after free in Swiftshader.
    - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee
    - CVE-2024-6101: Inappropriate implementation in WebAssembly.
    - CVE-2024-6102: Out of bounds memory access in Dawn.
    - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5830: Type Confusion in V8.
    - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
    - CVE-2024-5834: Inappropriate implementation in Dawn.
    - CVE-2024-5835: Heap buffer overflow in Tab Groups.
    - CVE-2024-5836: Inappropriate Implementation in DevTools.
    - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
    - CVE-2024-5838: Type Confusion in V8.
    - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
    - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
    - CVE-2024-5841: Use after free in V8.
    - CVE-2024-5842: Use after free in Browser UI.
    - CVE-2024-5843: Inappropriate implementation in Downloads.
    - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
    - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
    - CVE-2024-5846: Use after free in PDFium.
    - CVE-2024-5847: Use after free in PDFium.
    - CVE-2024-5493: Heap buffer overflow in WebRTC.
    - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-5496: Use after free in Media Session.
    - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
    - CVE-2024-5498: Use after free in Presentation API.
    - CVE-2024-5499: Out of bounds write in Streams API.
    - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of
    - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
    - CVE-2024-5158: Type Confusion in V8.
    - CVE-2024-5159: Heap buffer overflow in ANGLE.
    - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
    - CVE-2024-4947: Type Confusion in V8. Reported by Vasily
    - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-4949: Use after free in V8.
    - CVE-2024-4950: Inappropriate implementation in Downloads.
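
The check above, generalised as an added example (not part of the original post): a shell function that reads a Debian changelog and lists only the CVE fixes in entries newer than a given browser build, together with each entry's urgency. The function names and the sample changelog are constructed for illustration, and the comparison assumes Thorium keeps Chromium's version numbering, as the `--version` output above suggests.

```shell
# Added example (not from the original post).
# cves_newer_than BASE: read a Debian changelog on stdin and print
# "<upstream-version> <urgency> <CVE-id>" for every CVE fixed in an
# entry whose upstream version is newer than BASE.
cves_newer_than() {
    awk -v base="$1" '
    # 1 if dotted numeric version a is greater than b, else 0
    function newer(a, b,    x, y, n, m, k, i) {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if ((x[i] + 0) > (y[i] + 0)) return 1
            if ((x[i] + 0) < (y[i] + 0)) return 0
        }
        return 0
    }
    # entry header: "package (version) distribution; urgency=level"
    /^[a-z0-9][a-z0-9+.-]* \(.*\) .*; urgency=/ {
        ver = $2
        gsub(/[()]/, "", ver)
        sub(/^[0-9]+:/, "", ver)   # drop epoch
        sub(/-[^-]*$/, "", ver)    # drop Debian revision
        urg = $0
        sub(/.*urgency=/, "", urg)
        sub(/[^a-z].*/, "", urg)
        keep = newer(ver, base)
        next
    }
    keep && match($0, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/) {
        print ver, urg, substr($0, RSTART, RLENGTH)
    }'
}

# Constructed sample: the version numbers and the grouping of CVEs under
# them are made up for illustration, not the real release mapping.
sample_changelog() {
    cat <<'EOF'
chromium (126.0.0.2-1) unstable; urgency=high
    - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6291: Use after free in Swiftshader.
chromium (125.0.0.1-1~deb12u1) unstable; urgency=medium
    - CVE-2024-5274: Type Confusion in V8.
chromium (124.0.6367.200-1) unstable; urgency=high
    - CVE-0000-0001: placeholder entry older than the baseline.
EOF
}

# Baseline is the Thorium build reported in the post.
sample_changelog | cves_newer_than 124.0.6367.218
```

On a Debian system with the chromium package installed, the real input would be `zcat /usr/share/doc/chromium/changelog.Debian.gz | cves_newer_than 124.0.6367.218`.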

So I have decided not to use it in my main environment.
