A Review of ungoogled-chromium Patches

In the present day, having a secure browser is more important than ever. Being the most used application in the system, the browser represents a large attack surface because it processes untrusted input combined with being a written in an unsafe language while having a codebase whose size can rival some operating systems. However, many browsers come out of the box with weak privacy. ungoogled-chromium is an oft recommended browser because of its Chromium base and degoogled properties. However, I have a couple of concerns with this recommendation, namely:

Security issues aside, they must be doing unique and great work in privacy, right?

No. Most of the functionality of the patches are either in the best case minimally beneficial or can be reproduced with either a setting, a flag, or a switch, and using a browser specifically for these patches is not worth the tradeoff in security.

This article aims to detail the patches in the order they apply in, their functions, and how they can be reproduced in Chrome.

0001-fix-building-without-safebrowsing.patch, unrar.patch, safe_browsing-disable-incident-reporting.patch, safe_browsing-disable-reporting-of-safebrowsing-over.patch, remove-unused-preferences-fields.patch

These patches disable safe browsing. Related prefs are removed in remove-unused-preferences-fields.

— Safe browsing can be turned off in chrome://settings.


This patch disables form Autofill data transmission to Google.

— Autofill can be turned off in chrome://settings.


This patch disables:


This patch disables Chrome's WebResourceService, which periodically fetches JSON data from a Google server to dynamically configure the browser.


This patch uses RIPE NCC servers instead of Google servers for IPv6 probes.


This patch disables pings to clients2.google.com/ for component updates.

— Component updates can be disabled with switch --disable-component-update.


This cosmetic patch disables the new avatar menu.


This patch disables RLZ, a promotional tag only found in Chrome.

This non-unique tag sent is sent with Google searches and crash reports

— RLZ can be disabled by defining "rlz_disabled":true in the preferences file.


This patch disables the uploading of crash reports to Google. Chromium does not report crashes.

— Disable the crash reporter with switch --disable-crash-reporter.


This patch disables Google specific features and restrictions applied to Google domains.


This patch replaces Google with "No Search" (disables search from omnibox).

— Use another search engine.

disable-signin.patch, fix-building-without-one-click-signin.patch, disable-gaia.patch

This patch disables browser management of sign-in of Google Accounts. Requires API keys found only in Chrome.

— Disabled with switches --disable-gaia-services, --disable-sync, --allow-browser-signin=false


This patch disables translation and removes the "Translate to" context menu when --translate-script-url flag is not set.

— Define a non-existent --translate-script-url.

all-add-trk-prefixes-to-possibly-evil-connection.patch, disable-untraceable-urls.patch, block-trk-and-subdomains.patch, disable-webstore-urls.patch, fix-learn-doubleclick-hsts.patch, block-requests.patch

These patches disable all connections hard-coded into the browser using domain substitution. A lot of these connections are only made on user interaction and not transparently made in the background.

Connections patched out include

@lynn-stephenson — you can even change the URLs of "Google URLs" with some switches



















This patch disables the downloading of profile avatars from Google.


Disables the Google Cloud Messaging component. Extensions can use the chrome.gcm API to send messages through Firebase Cloud Messaging.


The domain reliability monitor sends info to Google whenever an error occurs while visiting a Google domain.

— Disable domain reliability with switch --disable-domain-reliability.


This patch disables references to fonts.googleapis.com hardcoded in the browser.


This patch disables the uploading of WebRTC logs for the Hangouts extension.

— Disable reporting additional diagnostics in Hangouts settings.


This patch always uses local DevTools files instead of fetching remote files from Google.


This patch disables connections to Google to check if the system time is correct when a website certificate date seems incorrect.

— Disable the network time tracker with switch --disable-features=NetworkTimeServiceQuerying


This patch disables downloading of a list of sites with a high Media Engagement Index, used to determine whether or not a site autoplays.

— Disable MEI preload with switch --disable-features=PreloadMediaEngagementData, MediaEngagementBypassAutoplayPolicies


This patch disables reporting violations such as COEP.


This patch disables the downloading of field trials (Google’s A/B testing).

— Field trials can be disabled with switch --disable-field-trial-config.

With the relative ease that these settings can be changed, there is no reason to use ungoogled-chromium as a main browser when Chrome can be configured similarly.