Why not switch to Chromium?

Posted Jun 4, 2016 11:43 UTC (Sat) by Trou.fr (subscriber, #26289)
Parent article: Shifting feature sets and search engines in Tor Browser 6

It baffles me that Tor browser is still based on Firefox. As the users expect privacy, the security of the browser must be sufficient to protect them against attacks designed to uncover their identity. The FBI has exploited several times vulnerabilities in Firefox for this purpose.

Chromium having real security implemented (sandboxing), have they considered switching to it ?

Why not switch to Chromium?

Posted Jun 10, 2016 18:11 UTC (Fri) by sprin (guest, #101377) [Link]

My guess for why Chromium is not being considered for the Tor Browser Bundle:

Significant engineering effort to switch now. Firefox will gain better safety/sandboxing as Servo components are incorporated, beginning this year .
Upstream is actively hostile towards the kind of privacy Tor wants to provide, with countless phone-home calls sprinkled throughout the source, and has managed to sneak suspicious blobs past downstream providers in the past. However, at least one group, Iridium, appears to be trying to remove the call-homes, but they appear to be behind on the Chromium update schedule. With Chromium not having Extended Support Releases like Firefox, I can sympathize with the huge effort it must be to keep up.

Currently, a good defense against de-anonymization attacks using browser exploits appears to be Qubes and the TorVM, through which the browser VM can be forced to make all connections. A total compromise of the browser would still not yield IP or MAC. The exploit which I think you were referring to, MFSA2013-53, would also have been mitigated by disabling JavaScript.