Chromium
Published: 7th February 2025
Updated: 7th February 2025
# Introduction
Chromium is an open-source web browser project developed and maintained by the Chromium Project, primarily backed by Google. It serves as the foundation for many popular browsers, including Google Chrome, Microsoft Edge, and Brave. Chromium provides a fast, lightweight, and secure browsing experience, featuring a minimalist user interface and support for modern web standards. Unlike Chrome, it lacks proprietary components such as automatic updates, built-in media codecs, and Google services integration. Developers and tech enthusiasts often use Chromium for its transparency, flexibility, and ability to customize the browser experience 1, 2.
Axiom.ai relies on Chromium to run your automations, and Chromium continues to be an important tool to everyone. According to statcounter, at the time of publishing, 72.28% of the browser market share was cornered by Chromium-based browsers - with Chrome taking the lead 3.
# Axiom.ai and Chromium
Axiom.ai comes bundled with a version of Chromium to allow you to run your automations. When running your automation locally, a Chromium window will open where your automation will run. When running this through our cloud infrastructure, a Chromium window will be opened on our cloud that will run your automation - just as it would when the automation is run locally.
The tool's ability to work with Chromium has benefits, such as:
- Being compatible with most Chromium-based browsers.
- Providing a faster browser experience as Chromium lacks Google service integrations.
- Higher level of customisation.
These benefits give us the ability to offer features such as:
- Setting a custom profile for your automations to handle authentication or bring over browser settings, see Set custom Chromium profile.
- Running your automation through a proxy, see Using a proxy.
- Storing cookies and local storage, see How to store cookies and local storage.
As well as many other features that are offered.
# Puppeteer and Chromium
Puppeteer is a JavaScript library which provides a high-level API to control Chromium over the DevTools Protocol and WebDriver BiDi 4. It takes full advantage of the APIs built into Chromium to offer an automation library that is used by Axiom.ai. We use this library to offer you the ability to create automations - you can tap into this using the Write Javascript step and our Puppeteer Snippets to write your own Puppeteer!
Puppeteer is developed by Google and supports Chromium - however, a Firefox version has been made available. It integrates closely with Chromium for a few reasons:
- Integrating with the DevTools Protocol to render web pages, take screenshots, automate form submissions and capture network requests.
- Puppeteer ships with a stable version of Chrome, meaning developers get a consistent experience.
- Chromium supports headless (running a browser without the graphical interface) which speeds up automations - Learn how to run headless automations.
- Cross-platform support across operating systems.
# Chromium Architecture
The Chromium architecture has been built to prioritise user experience, often at the cost of additional memory overhead - hence Chromium and Chromium-based browsers are often associated with higher memory usage. This is great for the average end-user of their products, but not ideal when using the browser for development or automation purposes. Let's review some of the main features of their architecture:
Multi-process architecture - each tab and extension that you load into Chromium will run in a separate process to enhance security and stability, including Axiom.ai. This isolation prevents one crashing tab from affecting others, but does come at a cost to RAM. A good way to check how this impacts your computer is to open Task Manager (Windows) or Activity Monitor (macOS) and check the number of processes your Chromium-based browser is using.
Preloading and caching - aggressive caching of web content and preloading of pages to improve speed and responsiveness helps improve the user experience within the browsers.
JavaScript and rendering engine - Chromium employs the V8 JavaScript engine and the Blink rendering engine to optimise performance by compiling and executing JavaScript efficiently.
Tab and session management - this one has gotten better recently with the addition of a feature called Data Saver that puts tabs to sleep when they are inactive. Without this feature active, Chromium will keep inactive tabs in memory to allow you to instantly switch to them instead of reloading.
Garbage collection - the V8 engine uses aggressive garbage collection strategies to manage memory, however, it sometimes retains unused memory to speed up future tasks.
Most features above contribute to a better user experience, at the cost of memory.
# V8 JavaScript Engine
A large component of Chromium's speed lies in its V8 JavaScript Engine that allows for Just-In-Time (JIT) compilation of JavaScript. This engine is built in C++ and is available on all major operating systems and "implements ECMAScript and WebAssembly" 5 to support the compilation of JavaScript on webpages. SpiderMonkey, which is used by Firefox, also uses a JIT compiler that is written in C++ and offers some of the same optimisations that V8 offers 6.
Over the past few years, their engine has seen significant advancements, including a new optimizing compiler called Maglev, which bridges the gap between the Sparkplug and TurboFan compilers; a redesigned architecture for TurboFan; a faster HTML parser; and improved DOM allocations 7. Improvements to the browser's garbage collection strategies have also led to performance improvements.
This provides some great benefits for using Chromium as a platform for running code for automations, as Axiom.ai and Puppeteer often do. This makes the browser a great platform for development and automation.
# Process model
As previously mentioned, Chromium separates each tab and extension into a separate process to encapsulate them to prevent a domino effect of crashing tabs caused by a single tab - this also improves security across the tabs. When rendering webpages, this means that the rendering process for each page will be separated into a new thread - each thread will have a RenderProcess object that manages the communication with the parent browser process. The browser maintains a RenderProcessHost for each renderer process that manages browser state and communication 8. This encapsulation is what prevents your browser from crashing when a single tab has crashed, and improves overall security.
When a new tab or window is opened, the browser will create a new process and create a single RenderFrame which uses Mojo (a communication service) to communicate with the RenderFrameHost object that the browser has created. The RenderFrame contains a single webpage - this can include additional iframes that are contained within the page. There are instances when a new window opened with window.open will share the same RenderFrame as the page that the code was called on. In an attempt to rein in the number of processes created this way, Chromium can adopt existing tabs into the RenderFrame of another tab when the number of tabs exceeds a limit.
This provides some great benefits when it comes to automation - when you run an automation this will load the webpage, and all associated resources, as well as the resources that are needed to run your automation. While Axiom.ai scripts are quite small, heavier websites can cause Chromium to hit the limitations of its memory allocation in the tab that it's running in. When this happens, the tab will crash rather than the entire browser. This can also happen with long-running browser sessions that may come with longer-running automations. Reloading the page often resolves any memory issues.
# Security model
Chromium employs a sandbox to protect against potential vulnerabilities within the rendering engine - this prevents the rendering engine from issuing some system calls that could allow for the vulnerability to be acted on. The sandbox makes use of a creative approach to security tokens to ensure that a compromised rendering engine does not have the ability to interact with the operating system that the browser is running on 9. This works well with the process model that they use to encapsulate processes. You can think of the sandbox as a black box where error-prone operations are carried out to protect the user.
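One way to check that an automation launch keeps the sandbox and process isolation described above: this added example, which is not code from Axiom.ai or the Chromium project, audits the `args` array passed to Puppeteer's `launch()` for Chromium switches that turn those protections off. The function name `auditLaunchArgs` and the sample arguments are assumptions constructed for illustration.

```javascript
// Added example (not Axiom.ai or Chromium project code): flag Chromium
// launch switches that remove the sandbox or process isolation.
const RISKY_SWITCHES = new Map([
  ['--no-sandbox', 'disables the sandbox for all process types'],
  ['--disable-setuid-sandbox', 'disables the Linux setuid sandbox'],
  ['--single-process', 'runs the renderer inside the browser process'],
  ['--disable-site-isolation-trials', 'turns off site isolation'],
  ['--disable-web-security', 'stops enforcing the same-origin policy'],
]);
// Features whose removal via --disable-features weakens process isolation.
const ISOLATION_FEATURES = new Set(['IsolateOrigins', 'site-per-process']);

// Hypothetical helper: returns one finding per weakening switch or feature.
function auditLaunchArgs(args) {
  const findings = [];
  for (const raw of args) {
    const arg = raw.trim();
    const eq = arg.indexOf('=');
    const name = eq === -1 ? arg : arg.slice(0, eq);
    const value = eq === -1 ? '' : arg.slice(eq + 1);
    if (RISKY_SWITCHES.has(name)) {
      findings.push({ arg, reason: RISKY_SWITCHES.get(name) });
    } else if (name === '--disable-features') {
      // The value is a comma-separated feature list; report each match.
      for (const feature of value.split(',').map((f) => f.trim())) {
        if (ISOLATION_FEATURES.has(feature)) {
          findings.push({
            arg: `${name}=${feature}`,
            reason: 'disables a site-isolation feature',
          });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: arguments as they might appear in a container setup.
const sampleArgs = [
  '--headless=new',
  '--no-sandbox',
  '--disable-features=Translate,IsolateOrigins,site-per-process',
  '--window-size=1280,800',
];
for (const f of auditLaunchArgs(sampleArgs)) {
  console.log(`${f.arg}: ${f.reason}`);
}
```

Running the check in CI against the launch configuration catches a sandbox-disabling switch before it reaches a shared or cloud runner.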
The team behind the browser have developed vulnerability management to detect, report and patch vulnerabilities:
- Vulnerabilities are found through automated fuzzing, security audits, and external reports.
- A public bug tracker can be used to document security issues.
- Patches are developed and tested to mitigate risks. These patches are released once they meet the requirements of the security risk mitigation plan.
Chromium uses a tool called ClusterFuzz to automate their fuzzing infrastructure to continuously test for crashes and vulnerabilities within Chrome. AddressSanitizer and UndefinedBehaviorSanitizer detect memory corruption and undefined behaviour during development and Syzkaller handles the kernel fuzzing to find security flaws in sandboxed processes 10.
Chromium will use a fast release cycle to quickly release security updates - most Chromium-based browsers, such as Google Chrome, will have automatic updates to ensure that these get installed as they are released. You can read about these updates over on Google's blog, Chrome Releases.
# References
1 Chromium Project (Home) https://www.chromium.org/Home/
2 Chromium Project (Core Principles) https://www.chromium.org/developers/core-principles/
3 statcounter, https://gs.statcounter.com/browser-market-share
4 Puppeteer, https://pptr.dev/guides/what-is-puppeteer
5 V8, https://v8.dev/
6 SpiderMonkey, https://spidermonkey.dev/
7 V8, "V8 is Faster and Safer than Ever!", https://v8.dev/blog/holiday-season-2023
8 Chromium, "Multi-process Architecture", https://www.chromium.org/developers/design-documents/multi-process-architecture/
9 "The Security Architecture of the Chromium Browser", Barth, Jackson, Reis, Google Chrome Team, 2008 https://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf
10 Chromium, Google Source https://chromium.googlesource.com/chromium/src/+/main/testing/libfuzzer/README.md