Thanks. Definitely not a fan of Brave or its CEO. Secureblue looks interesting, but the fact that they state they won't have anything to do with degoogled chromium is not awesome.
Seems like it might be better than stock Chrome with the hardening. Github only shows 243 stars, but it's new so that's understandable.
Have you tried flashing any hardware with it?
The Chromium itself is still patched to disable data collection and opt-in metrics according to the developer and since it uses Vanadium patches I could attest to that. Always better to use the Chromium as a base and build with own patches rather than centipeding someone's fork like ungoogled-chromium. Since if they delay, then you delay.
These forks also aren't security hardened like Vanadium is, forks will just amateurly take out anything that mentions Google which leads to some regressions.
Secureblue is not endorsed but both have a similar user share and the maintainers are frequent GrapheneOS community members. It's listed as an example of other OSes using hardened_malloc on our site.
It's usable, but hardened_malloc will break certain apps the same way they do on GrapheneOS for security. Electron apps are an example. I don't daily-driver secureblue though and the barrier for entry is higher than it is to get started with GrapheneOS.
fyi I am aware of other projects using Hardened Malloc as well, for example this hardened Void Linux build has hardened malloc and other hardening:
https://0xacab.org/optout/plagueos
https://0xacab.org/optout/plagueos/-/wikis/Security-Considerations
https://0xacab.org/optout/plagueos/-/wikis/FAQ
It sounds very interesting butI (and I think anyone I know) have never used it though. Can't make a recommendation. Using smaller projects is at your own risk.
Gotcha. Thanks for the detailed and honest reply. I've got some things to look into. Much appreciated.
