Chrome: the privacy breaches seem to be large enough to actually become a security threat as well. Is that a fair statement?
Firefox: seemed pretty good to me until I read this article https://madaidans-insecurities.github.io/firefox-chromium.html. It claims that Firefox is more insecure than Chrome/Chromium, in large part because of a weaker sandboxing mechanism. Even if this mechanism seems to be catching up, this points to a significant lag in Firefox's security.
Safari: is it secure?
Chromium: it seems to be the best bet to me, because it seems to contain the best security mechanisms, without the Google spyware. However: 1) it does not seem to provide an automatic update system; 2) I read that it's unstable because it contains bleeding-edge code. That actually sounds like it's less safe than Chrome because of that => is there a way to know which Chromium version Chrome is using, and just use this version?
I am grateful for any thoughts.
I'd say the underlying technologies, which overlap in some cases, have improved the security of the three browsers. We face a different threat in terms of reduced user choices: vendor lock-in, reduced privacy, and worsening user experience.
In the past and currently there is an option to block pop-ups, but this has been overcome with modern JavaScript. Even worse are browser vendor pop-ups nagging to give away personal information like location, credit cards, and other credentials -- and making this seem like this is normal and it's not a problem when clearly it is a serious problem.
Chromium-based browsers have strong sandboxing, and a dedicated security team at Google. If security is your main priority that makes for a compelling argument. They have strong code guidelines such as their rule of two[1], and make heavy use of fuzzers and other techniques.
You can read some of the other techniques they use for security here[2][3]:
Despite these techniques, they are using a language that is not memory-safe. Security bugs do occasionally pop up in Chromium. They're also patched very quickly, but the possibility exists of a 0-day impacting users.
Firefox has improved considerably in their sandboxing, but it is still a legacy codebase. Many techniques used to ensure code safety were not originally available, but have been slowly patched into the codebase.
Firefox has one advantage: it was the progenitor of Rust. They've had a head start in building components in a memory-safe language which offers them safety that Chromium does not currently have (Google are still considering adopting Rust). For this reason it's possible that Firefox will be able to avoid a memory bug that will affect Chromium-based browsers.
Both companies offer a generous bug bounty program. Firefox is occasionally targeted as it's used by Tor users, but Chromium receives far more scrutiny overall (which isn't necessarily a bad thing).
I don't think either browser is a bad option, but neither are they perfect. I'd feel safer overall with Chrome (or Chromium, whatever) primarily due to the considerable resources Google is able to put into their security focus.
[1] https://chromium.googlesource.com/chromium/src/+/HEAD/docs/s...
[2] https://docs.google.com/document/d/e/2PACX-1vRZr-HJcYmf2Y76D...
[3] https://security.googleblog.com/2021/09/an-update-on-memory-...