|**Block Intents While Locked**<br><sub><nobr> Tue, 31 Oct 2023 16:16:08 +0000</nobr><br>File: [Block-Intents-While-Locked.patch](/build/patches/Block-Intents-While-Locked.patch)<br><nobr>Author: Your</nobr><br><nobr>Context: </nobr><br><nobr>License: </nobr> |see https://source.chromium.org/chromium/chromium/src/+/c5b50f4c2d42e7b808fd3e6fb3545cdb3f4d82c9|
|**Block gateway attacks via websockets**<br><sub><nobr> Tue, 28 Jul 2020 12:28:58 +0200</nobr><br>File: [Block-gateway-attacks-via-websockets.patch](/build/patches/Block-gateway-attacks-via-websockets.patch)<br><nobr>Author: csagan5</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |This approach is not comprehensive, see also:<br>* https://bugs.chromium.org/p/chromium/issues/detail?id=590714|
|**Block leakage of urls in sandbox iframes**<br><sub><nobr> Sat, 21 Sep 2024 14:36:25 +0000</nobr><br>File: [Block-leakage-of-urls-in-sandbox-iframes.patch](/build/patches/Block-leakage-of-urls-in-sandbox-iframes.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |Preventing url base fallback leakage in cross orgin sandbox iframe.<br>Addition of the ""block-url-leakage-sandbox-iframe" flag disabled by default.<br>DO NOT ACTIVATE: the patch is a wip<br>The aim is to understand whether it is possible to disable the<br>leakage of certain information in sandbox iframes|
|**Block qjz9zk or trk: requests**<br><sub><nobr> Wed, 30 Oct 2019 11:50:13 +0100</nobr><br>File: [Block-qjz9zk-or-trk-requests.patch](/build/patches/Block-qjz9zk-or-trk-requests.patch)<br><nobr>Author: csagan5</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |An info bar is displayed unless the --disable-trkbar command-line flag or the chrome://flag option is used.<br>This patch is based on Iridium's 'net: add "trk:" scheme and help identify URLs being retrieved'|
|**Bookmarks select all menu entry**<br><sub><nobr> Sat, 9 Apr 2022 23:01:55 +0200</nobr><br>File: [Bookmarks-select-all-menu-entry.patch](/build/patches/Bookmarks-select-all-menu-entry.patch)<br><nobr>Author: csagan5</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |Requires: Restore-BookmarkToolbar-setCurrentFolder.patch|
|**Bromite auto updater**<br><sub><nobr> Thu, 7 Oct 2021 14:27:12 +0000</nobr><br>File: [Bromite-auto-updater.patch](/build/patches/Bromite-auto-updater.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |Enable checking for new versions, with notifications and proxy support.<br>Restore InlineUpdateFlow feature.<br>Some parts authored by csagan5.|
@@ -66,6 +67,7 @@
|**Compress libchrome to free up some space**<br><sub><nobr> Wed, 19 Jul 2023 09:32:36 +0000</nobr><br>File: [Compress-libchrome-to-free-up-some-space.patch](/build/patches/Compress-libchrome-to-free-up-some-space.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |upstream removed ModernLinker support for developer build (apk releases).<br>see https://bugs.chromium.org/p/chromium/issues/detail?id=1383210|
|**Content settings infrastructure**<br><sub><nobr> Thu, 24 Feb 2022 07:54:36 +0000</nobr><br>File: [Content-settings-infrastructure.patch](/build/patches/Content-settings-infrastructure.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |This patch is used by other patches to provide the UI for Bromite-specific<br>site settings.<br>See BromiteCustomContentSetting_README.md for more information.<br>Require: bromite-build-utils.patch|
|**Cromite Branding: improve settings ui**<br><sub><nobr> Sat, 21 Sep 2024 15:32:02 +0000</nobr><br>File: [Cromite-Branding--improve-settings-ui.patch](/build/patches/Cromite-Branding--improve-settings-ui.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |Modification to the settings ui with the aim of making it clearer.|
|**Customize selection popup**<br><sub><nobr> Sun, 7 Jan 2024 15:46:46 +0000</nobr><br>File: [Customize-selection-popup.patch](/build/patches/Customize-selection-popup.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |Adds options related to the handling of pop-up selections:<br>Opens tabs in foreground, Move web search to the top of items,<br>Web search in tab group and Enable smart text selection|
|**Deprecate Data URL in SVGUseElement**<br><sub><nobr> Mon, 5 Jun 2023 17:02:33 +0000</nobr><br>File: [Deprecate-Data-URL-in-SVGUseElement.patch](/build/patches/Deprecate-Data-URL-in-SVGUseElement.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> ||
|**Dictionary suggestions for the Omnibox**<br><sub><nobr> Sat, 19 Mar 2022 10:53:24 +0100</nobr><br>File: [Dictionary-suggestions-for-the-Omnibox.patch](/build/patches/Dictionary-suggestions-for-the-Omnibox.patch)<br><nobr>Author: csagan5</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |Revert "Disable Dictionary suggestions for the Omnibox"<br>This reverts commit d3ec2b2d25066ec089f8351a44b919ded4270e83.|
@@ -138,6 +140,7 @@
|**Enable -fwrapv in Clang for non-UBSan builds**<br><sub><nobr> Thu, 22 Dec 2016 07:15:34 -0500</nobr><br>File: [Enable-fwrapv-in-Clang-for-non-UBSan-builds.patch](/build/patches/Enable-fwrapv-in-Clang-for-non-UBSan-builds.patch)<br><nobr>Author: Daniel</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |Using -fwrapv (notably only when not using signed integer overflow checking -<br>since it will override it and result in not performing checks) is just common<br>sense since it eliminates the chance of security vulnerabilities being<br>introduced by optimizations based on signed overflow being undefined.<br>That has happened before, and those optimizations don't even add up to a 0.1%<br>performance increase for this kind of software. It's not worth having.<br>The Linux kernel passes -fwrapv and also -fno-strict-aliasing to disable those<br>dangerous optimizations (since there is so much incorrect code they can break).<br>In fact, it is easy to point to dozens of known examples of invalid code that<br>could potentially be broken by those optimizations.<br>It is not acceptable for projects to be using optimizations that are known to<br>be broken with a bunch of code in their tree.<br>They put barely any effort into even fixing the known cases.<br>Chromium has blacklists for UBSan for 'false positives' (none of which are<br>actually false positives, but rather "undefined, but not a bug beyond<br>potentially being broken by optimizations or even code generation without<br>them") and also for components too full of these bugs for them to currently<br>want to bother with it. That includes a bunch of signed overflow issues<br>(there is sadly no detection for aliasing violations, which are fairly common,<br>but not that common).<br>Ideally, -fwrapv could be always passed, but unfortunately the way it is<br>implemented has silly interactions with other switches.<br>The reason it would still make sense to pass it is because due to their UBSan<br>blacklists, they get far from full coverage with it, so -fwrapv would still<br>be better than nothing where it's not being used.<br>Since -fwrapv makes signed integer overflow well-defined, Clang will disable<br>the UBSan checks for signed integer overflow, including in the<br>production-oriented trapping mode used for hardening.<br>Excerpt from https://github.com/bromite/bromite/issues/226|
|**Enable Certificate Transparency**<br><sub><nobr> Fri, 10 Jun 2022 14:20:02 +0200</nobr><br>File: [Enable-Certificate-Transparency.patch](/build/patches/Enable-Certificate-Transparency.patch)<br><nobr>Author: csagan5</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |Reporting/auditing functionalities are disabled; a flag is exposed.<br>Add guard to make sure that certificate transparency stays enabled<br>by default.|
|**Enable ClickToCall**<br><sub><nobr> Sat, 21 Sep 2024 14:38:40 +0000</nobr><br>File: [Enable-ClickToCall.patch](/build/patches/Enable-ClickToCall.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |Reactivation of the "click-to-call" flag and activation by default.<br>The functionality is only active if sending Intents from the web is allowed|
|**Enable Do-Not-Track by default**<br><sub><nobr> Wed, 29 May 2024 13:49:01 +0000</nobr><br>File: [Enable-Do-Not-Track-by-default.patch](/build/patches/Enable-Do-Not-Track-by-default.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> ||
|**Enable Document Open Inheritance Removal**<br><sub><nobr> Tue, 28 Mar 2023 15:43:18 +0000</nobr><br>File: [Enable-Document-Open-Inheritance-Removal.patch](/build/patches/Enable-Document-Open-Inheritance-Removal.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> ||
|**Enable Global Privacy Control**<br><sub><nobr> Wed, 29 May 2024 13:43:50 +0000</nobr><br>File: [Enable-Global-Privacy-Control.patch](/build/patches/Enable-Global-Privacy-Control.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> ||
@@ -209,7 +212,6 @@
|**Reduce HTTP headers in DoH requests to bare minimum**<br><sub><nobr> Sat, 28 Apr 2018 08:30:26 +0200</nobr><br>File: [Reduce-HTTP-headers-in-DoH-requests-to-bare-minimum.patch](/build/patches/Reduce-HTTP-headers-in-DoH-requests-to-bare-minimum.patch)<br><nobr>Author: csagan5</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> ||
|**Remove ChromiumNetworkAdapter**<br><sub><nobr> Sat, 15 Apr 2023 11:46:48 +0000</nobr><br>File: [Remove-ChromiumNetworkAdapter.patch](/build/patches/Remove-ChromiumNetworkAdapter.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |Removes from java code the ability to make http connections<br>without asking the native code|
|**Remove EV certificates**<br><sub><nobr> Thu, 2 Apr 2015 12:44:23 +0200</nobr><br>File: [Remove-EV-certificates.patch](/build/patches/Remove-EV-certificates.patch)<br><nobr>Author: Jan</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |The team chose to let EV certificates appear just like normal<br>certificates. The web of trust is considered a failure in itself, so<br>do not give users a false sense of extra security with EV certs.<br>Instead, let them appear just like regular ones.|
|**Remove HTTP referrals in cross origin navigation**<br><sub><nobr> Wed, 21 Sep 2022 12:28:17 +0000</nobr><br>File: [Remove-HTTP-referrals-in-cross-origin-navigation.patch](/build/patches/Remove-HTTP-referrals-in-cross-origin-navigation.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |The patch removes the referrals if the navigation is cross-origin and occurs in the top frame.<br>The value is not removed across iframes because the referrals are statically defined<br>by the HTML and the Javascript of the page, and therefore they do not tell anything about the<br>user. Also, some services may not work, such as video iframes.<br>A preference is also introduced to completely removes referrals management, for advanced users.|
|**Remove segmentation platform**<br><sub><nobr> Thu, 9 Jun 2022 19:45:03 +0000</nobr><br>File: [Remove-segmentation-platform.patch](/build/patches/Remove-segmentation-platform.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-3.0-only</nobr> |Also fixes a crash on startup.|
|**Remove sideloading of version.dll**<br><sub><nobr> Sun, 15 Sep 2024 09:41:40 +0000</nobr><br>File: [Remove-sideloading-of-version-dll.patch](/build/patches/Remove-sideloading-of-version-dll.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> |Disabling support for local version.dll loading in windows|
|**Remove support for device memory and cpu recovery**<br><sub><nobr> Tue, 27 Jun 2023 11:11:53 +0000</nobr><br>File: [Remove-support-for-device-memory-and-cpu-recovery.patch](/build/patches/Remove-support-for-device-memory-and-cpu-recovery.patch)<br><nobr>Author: uazo</nobr><br><nobr>Context: </nobr><br><nobr>License: GPL-2.0-or-later</nobr> ||
