Chromium fork without Google
https://github.com/ungoogled-software/ungoogled-chromium
Just so you know - UC is no longer maintained on android.
2 Likes
We won’t be adding that. Builds are managed by untrusted third parties.
Also: ungoogled-chromium
10 Likes
Then suggest compiling it from source instead.
2 Likes
What is the current situation with Ungoogled-Chromium?
I was considering to follow the community adopted latest most secure browser option to actually find out that Secure Blue browser Trivalent is a Hardened Fork, its maintainers take the Chromium source, apply numerous custom security patches and build flags, and then build the binary. To update, the maintainer must manually rebase all those custom patches onto the new Chromium source tree, which takes time.
There are Zero-Day Security Vulnerability (CVE-2025-13223 and CVE-2025-13224) identified and patched on 2025-11-17.
Currently, Chrome, Brave, Opera, Ungoogled-Chromium and Vivaldi are patched.
Ungoogled Chromium is a Binary Rehoster/Configurator: Its maintainers do not maintain deep custom security patches in the way Trivalent does. Their job is to pull the official Chromium binary/source files, apply their specific ungoogling configuration and scripts, and repackage it.
Not sure if I’m understanding how this works, which it probably the case but it seems that Trivalent may be failing on its own propaganda.
Trivalent patched those CVEs. They updated to the most recent version of chromium a week ago…
1 Like
Do you know which release has it?
I think the AUR may be the problem then, latest update seems that was a release from 2025-11-07
I was considering to follow the community adopted latest most secure browser option to actually find out that Secure Blue browser Trivalent is a Hardened Fork
Any reasonably secure browser option in 2025 would be Chromium-based “fork”. Why is this at all surprising?
To update, the maintainer must manually rebase all those custom patches onto the new Chromium source tree, which takes time.
We do it in advance for monthly major releases, and instantly for weekly minor releases since they’re so small. We automate everything and often release within a couple hours of Chrome.
There are Zero-Day Security Vulnerability (CVE-2025-13223 and CVE-2025-13224) identified and patched on 2025-11-17.
Currently, Chrome, Brave, Opera, Ungoogled-Chromium and Vivaldi are patched.
Had you looked this up, you would have found that Trivalent is on the same Chromium version, and we released it within hours of Chrome. We even posted on Bluesky about the exact CVE you mentioned.
Ungoogled Chromium is a Binary Rehoster/Configurator : Its maintainers do not maintain deep custom security patches in the way Trivalent does.
Again, had you looked this up, you would have found that this is not the case. UGC has tons of source patchfiles: Code search results · GitHub
You’re either making stuff up or getting your info from a slop generator. In either case I’d advise you to not do that.
Not sure if I’m understanding how this works, which it probably the case but it seems that Trivalent may be failing on its own propaganda.
Might be a good idea to do some self-reflection before dropping strong accusations like this 
I think the AUR may be the problem then, latest update seems that was a release from 2025-11-07
Referencing a third party, unsupported repackaging of our software as evidence highlights just how little research you did before making these claims.
4 Likes
That is not what is surprising. This is the part that I didn’t know “To update, the maintainer must manually rebase all those custom patches onto the new Chromium source tree, which takes time. Ungoogled Chromium is a Binary Rehoster/Configurator: Its maintainers do not maintain deep custom security patches in the way Trivalent does. Their job is to pull the official Chromium binary/source files, apply their specific ungoogling configuration and scripts, and repackage it.”
That is another thing that I didn’t know.
I checked the repository and I didn’t see any notes about the CVEs. Sorry, I don’t have Bluesky account and don’t research there.
I was looking to understand better the situation. You seem that took it a bit personal. Maybe you are the one needing some self reflection.
Claims? Dude, chill out! I don’t use your image, like you said is unsupported but it is packed and available. It would help if in the official repo we had the notes on the update that indicates that the version has the CVEs.
Where are you getting this incorrect info? Ungoogled Chromium does use patchfiles as I linked before. It seems you’ve ignored it.
I was looking to understand better the situation. You seem that took it a bit personal. Maybe you are the one needing some self reflection.
Claims? Dude, chill out!
I don’t think it’s unreasonable to have a stern response to being called “propaganda”, especially when there’s a lack of due diligence involved.
1 Like
Same way that you ignored that there are CVE notes in the 142.0.7444.134-440598 but there are no CVE notes in the most recent releases but you decided to push that I should be informed since you published things in platforms like Bluesky.
Don’t worry “stern” (spice) reactions like yours are normally very well received in this forum. I admit that I could have phrased my first comment much better. Do you admit that you perhaps could have responded a bit different as well? I don’t think so.
You clarified the situation and I appreciate it. I have zero interest in Trivalent now that is very clear that there is no reason to try to use it outside of Secureblue or Fedora (like you decided to add in another post). Can we please just focus on Ungoogle Chromium? I’d like to understand better if things changed a little bit on their project and maybe it is a feasible option on other distros.
UC is maintained on desktop distro’s providing you install it from a source that is on the update list. So from my own personal experience both Github and Flatpak are good. As to entering into comparisons it needs to be remembered that when you are installing it you are only installing a degoogled template of chromium, it’s down to you to complete the build in a way that best suits your own usage case. So no two installs are ever the same as some go all in on the hardening whereas others prefer something that is more practical for daily use. The point about UC over almost every other browser is that you get to build the browser to your own spec’.
The android version is not maintained and does not receive updates so I use Cromite instead, which is very similar to UC but is intended to be used out of the box in a fairly hardened form.
1 Like
So, if I’m understanding this correctly, the reason you said:
is because you combined the AI slop explanation:
with the inconsistency in noting fixed CVEs in the Github releases, and just assumed they were removing some CVE fixes because they were too hard to merge with the “deep custom security patches”? If that is not what happened, then I have no idea why you would assume that they don’t have the same CVE patches as other forks based on the same version of chromium.
To tie it back to UC, that project is much more likely to inadvertently do what you assumed Trivalent did, since instead of source code changes being entirely comprised of git diffs that will generate visible merge conflicts when relevant, they have scripts that edit source code as well. This could lead to unnoticed conflicts, including those involving CVE fixes.
1 Like
Yes, is it so strange or stupid to assume looking the releases that don’t have any mention of the CVEs that they are not there? The previous releases had mentions of other CVEs implementations. For me this is a case of inconsistency and generates confusion, which is what happened in my case. I looked the previous releases and saw the CVEs notes there, these new ones they are not in the new versions notes.
Thanks, this is helpful.