One of the main contributors to Bromite has now officially forked it and created Cromite.
Uazo has been maintaining a Bromite dev/test build for a while now over at GitHub - uazo/bromite-buildtools: my build machine for bromite development. In the latest release there’s an announcement that new releases will be in the new Cromite repository linked above.
Note: there aren’t any binaries released in the Cromite “releases” page yet.
We’ll probably want to wait and see how the project does for a while before considering it.
still no 32-bit support and updates can take up to two weeks
Cromite seems to be promising but It blocks automatic https upgrades and Content Security Policy reports; which harm security
I don’t see how blocking CSP reports harms security, and HTTPS-only mode is enabled by default. CSP reports can be used to fingerprint installed extensions:
I found a fork of Bromite browser called Cromite which was mentioned in Libreware channel on Telegram
Cromite is the uptodate version of Bromite but how could i trust this developer like the developer of Bromite??
Cromite github page: GitHub - uazo/cromite: Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!
I have been using bromite from quite a while now. It seemed to be the only good enough ungoogled chromium option on android.
When Bromite became unmaintained, sadness clouded me.
Cromite made me happy, atleast its better in UX perspective. the readme seems pretty nice, the issue resolutions seems nice. All in all, its giving me nice vibes but ofcourse time will tell.
Why don’t you use Brave? If you disable crypto stuff and rewards, it there any advantages b/cromite provide over Brave?
Unlike Bromite/Cromite, Brave still contains proprietary components.
the guy who is working on cromite was a major contributor to the original bromite
We need cromite vs brave mobile showdown fr fr
To get an answer to your question, you should explain why did you trust the main developer of Bromite.
Quickly looking through the releases since July I’m not seeing examples of this being the case… I found a couple releases which were ~4 days delayed around a month ago, but otherwise I’m largely seeing updates in about a day. It looks like they (semi?) automated updates with GitHub Actions, which is cool.
Also your excellent https://divestos.org/misc/ch-dates.txt page shows Cromite at 117 despite them releasing 118 5 days ago. Not to like tell you what to do or anything, but if you added a Cromite column to the more detailed history section I’m sure I and others would appreciate it, since Bromite is dead and Cromite’s gained ~1000 GitHub stars in the last 2 months
Cromite does not enable CFI any longer: Drop cfi support · uazo/cromite@579060f · GitHub
Hmmm, wasn’t aware of that. Does Brave enable CFI on their Android builds in comparison?
The issue with this and also comparing dates, is that they do not ship the actual stable channel versions.
This makes it difficult to line up with the rest and while updated may not actually be updated.
I covered this version issue previously back in the Bromite days: 106.0.5249.163 is missing the recent zero-day fix · bromite/bromite · Discussion #2421 · GitHub
to my understanding, CFI is… a good thing?
may you elaborate?
CFI largely eliminates an entire class of security vulnerabilities.
I don’t think Brave ships with CFI.
I think its still worth considering then, since Brave is the current recommendation, so it wouldn’t be a decrease from that. Though it would be nice if they did enable CFI, it appears they don’t due to it causing issues and crashing, see here.
yes, but while Brave may not have CFI, at least it has a small army of developers behind it to quickly push out updates.
Vanadium has fixed these issues twice now.