Chromium Drift tracks which browsers ship outdated Chromium builds, exposing users to publicly known, already-patched vulnerabilities.
Key Takeaways
Browsers lagging behind Chromium expose users to exploitable CVEs whose fixes are already public in Chromium source.
Attackers target lagging browsers specifically because patches are visible upstream before downstream users receive them.
The tool lets users check their own browser’s current Chromium version directly.
Hacker News Comment Review
Commenters want Electron app coverage added, noting that many desktop apps ship outdated Chromium runtimes with unpatched vulnerabilities, though untrusted-code execution is less common in that context.
The tool lacks longitudinal tracking; without data on how long each browser has historically lagged behind each release, security conclusions are hard to validate. Chromium major versions ship every two weeks, which is important framing for interpreting any measured lag.
Notable Comments
@butz: Wants Electron apps listed with their Chromium drift, flagging the unpatched-vulnerability risk in shipped runtimes.