From this post asking why users were switching away from Tor Browser/Firefox and using Chromium - the 0days revealed for Tor Browser in Kaspersky's Equation Group report is why.
Setting up Chromium reprinted here:
Quick Tutorial on Setting up a Secure Chromium Based Browser
- Download Chromium
- Install for your platform
- Go to
settings
thenextensions
- Install
scriptsafe
andproxy switchy sharp
anduser agent switcher
- change the user agent to
Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
- Setup Tor in proxy switchy sharp by specifying the proxy as socks5 127.0.0.1 and port 9040 (defaults for Tor)
- Switch to the Tor profile in Proxy Switchy Smart
- Create a separate browser profile for each market you use
- Disable all checkboxes under
Settings
>Privacy
- Disable all plugins in
chrome://plugins
- In
chrome://flags
disable WebGL, WebRTC, SPDY, NCL, QUIC, SafeLists, Notifications, Identity Consistancy (almost everything on this page should be disabled, if in doubt, disable it). - Change content settings (under settings > advanced) to disable all location services, clear all history on restart and to not save passwords
- Create a shortcut to run Chrome from with the command flag
--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE 127.0.0.1"
Note: You should still be running this on Linux and in a VirtualMachine
edit: Before some fool responds with "just run Tor Browser in a virtual machine" - the virtual machine is a last line of defense, not your method for securing your browser. You don't leave all the doors on your car unlocked and open just because you have an alarm.
edit 2: Before some fool responds again with "but there are issues in Chromium that cause privacy issues. Most of those have been fixed (the Tor wiki page you will almost certainly link to hasn't been updated in 20 months) and the plugins above fix the rest. Besides, a cookie ID correlation attack is much less dangerous than a literal browser code-exec. Clear your cookies/sessions.
Can you please give specific citations for how each of the ImportantGoogleChromeBugs are fixed? The tails developers are still taking it seriously.