Chromium on FreeBSD: Browser Review
Chromium is the open-source project behind Google Chrome. On FreeBSD, Chromium works but comes with important caveats that do not exist on Linux -- most notably around sandboxing and security. This review gives an honest assessment: what works, what does not, and whether Chromium is the right choice for your FreeBSD system.
The short version: Chromium on FreeBSD is a capable browser that handles modern web applications well. It is also less secure than Chromium on Linux because FreeBSD lacks the Linux-specific sandboxing mechanisms that Chromium depends on. If you choose Chromium on FreeBSD, you should understand these tradeoffs.
Installation
sh# Install Chromium pkg install chromium # Check the version chrome --version
The binary is installed as chrome (not chromium) on FreeBSD. The FreeBSD port tracks upstream Chromium releases closely.
First Launch
sh# Basic launch chrome & # Launch with useful flags chrome --enable-features=VaapiVideoDecoder --enable-gpu-rasterization &
On first launch, Chromium may warn about not being the default browser and about missing sandboxing. Both are expected on FreeBSD.
Sandboxing Limitations
This is the most important section of this review. Chromium's security model relies heavily on sandboxing -- isolating renderer processes so that a compromised web page cannot access the rest of the system. On Linux, Chromium uses:
- seccomp-bpf: Filters system calls at the kernel level
- namespaces: Isolates process views of the filesystem, network, and PID space
- setuid sandbox: Privilege dropping with a helper binary
FreeBSD has none of these specific mechanisms. The result is that Chromium on FreeBSD runs with significantly weaker process isolation.
What FreeBSD does have:
- Capsicum: A capability-based sandboxing framework. Chromium has experimental Capsicum support, but it is not as comprehensive as the Linux sandbox.
- Process separation: Chromium still runs separate processes per tab/site, which provides some isolation at the OS process level.
Check your sandbox status:
sh# Navigate to chrome://sandbox in the browser # Or from the command line: chrome --version # Then check chrome://sandbox after launch
Practical impact: A vulnerability in a Chromium renderer process on FreeBSD is more likely to lead to system-level compromise than the same vulnerability on Linux. If you browse high-risk sites or handle sensitive data, this matters.
Mitigation: Run Chromium inside a jail with limited filesystem access:
sh# Example: create a restricted jail for browser use # This is an advanced setup -- see the FreeBSD Handbook jails chapter
Or use Firefox, which does not depend on Linux-specific sandboxing to the same degree.
GPU Acceleration
Setup
sh# Ensure GPU drivers are loaded pkg install drm-kmod # Intel GPU sysrc kld_list+="i915kms" kldload i915kms # AMD GPU sysrc kld_list+="amdgpu" kldload amdgpu
Enabling GPU Features
Launch Chromium with GPU flags:
shchrome \ --enable-features=VaapiVideoDecoder,VaapiVideoEncoder \ --enable-gpu-rasterization \ --enable-zero-copy \ --ignore-gpu-blocklist \ &
To make these flags permanent, create a wrapper script or add them to the desktop file:
sh# Create a wrapper script cat > ~/bin/chromium << 'SCRIPT' #!/bin/sh exec chrome \ --enable-features=VaapiVideoDecoder,VaapiVideoEncoder \ --enable-gpu-rasterization \ --enable-zero-copy \ --ignore-gpu-blocklist \ "$@" SCRIPT chmod +x ~/bin/chromium
Verifying GPU Acceleration
Navigate to chrome://gpu in the browser. Check:
- Graphics Feature Status: Look for "Hardware accelerated" next to Compositing, Rasterization, and Video Decode.
- Video Decode: Should list supported codecs (VP9, H.264, AV1)
For hardware video decoding, install VA-API:
sh# Intel pkg install libva-intel-driver # Or for newer Intel: pkg install intel-media-driver # AMD pkg install libva-mesa-driver # Verify pkg install libva-utils vainfo
Wayland Support
Chromium supports Wayland natively through the Ozone platform layer:
sh# Launch Chromium under Wayland chrome --ozone-platform=wayland &
To make Wayland the default, create the file ~/.config/chromium-flags.conf:
shecho "--ozone-platform=wayland" > ~/.config/chromium-flags.conf
Or alternatively, use the chrome-flags.conf file if that is what your build reads:
shecho "--ozone-platform=wayland" > ~/.config/chrome-flags.conf
Under Wayland, Chromium benefits from:
- Tear-free rendering
- Better HiDPI handling
- Native Wayland window decorations
Known issues under Wayland on FreeBSD:
- Screen sharing may not work without PipeWire configured
- Some extensions that manipulate the window may not function correctly
- Drag and drop between Chromium and X11 (XWayland) apps may fail
Memory Usage
Chromium is known for high memory consumption. On FreeBSD, the numbers are comparable to Linux:
| Scenario | Chromium | Firefox |
|----------|----------|---------|
| Fresh start, 1 tab | ~250 MB | ~200 MB |
| 10 tabs, mixed content | ~1.1 GB | ~800 MB |
| 25 tabs, mixed content | ~2.5 GB | ~1.8 GB |
| 50 tabs, mixed content | ~4.0 GB | ~2.5 GB |
Chromium's process-per-site-instance model provides better isolation but at the cost of higher memory overhead. Each renderer process has its own V8 JavaScript engine instance.
Reducing Memory Usage
sh# Limit renderer processes chrome --renderer-process-limit=4 & # Disable preloading # Settings > Performance > Preload pages = off
In chrome://flags:
- Enable "Automatic tab discarding" -- Chrome will unload inactive tabs
- Enable "Tab Freeze" -- Suspends background tab JavaScript
Performance
JavaScript Benchmarks
V8 (Chromium's JavaScript engine) typically outperforms SpiderMonkey (Firefox) on benchmarks like Speedometer and JetStream. In practical use, the difference is negligible for most websites. If you run heavy web applications (Google Docs, Figma, complex SPAs), Chromium may feel slightly more responsive.
Page Load Times
Comparable between Chromium and Firefox on FreeBSD. Network is usually the bottleneck, not the browser engine.
Startup Time
Chromium starts slightly slower than Firefox on FreeBSD due to its larger binary size and more initialization work:
sh# Measure startup time (rough) time chrome --headless --disable-gpu --dump-dom https://example.com > /dev/null 2>&1
Extensions
Chrome Web Store extensions work in Chromium on FreeBSD. Recommended extensions:
- uBlock Origin: Ad and tracker blocking (essential for both security and performance)
- Bitwarden: Password manager
- HTTPS Everywhere: Force HTTPS connections (mostly superseded by built-in HTTPS-Only Mode)
Install from chrome://extensions or the Chrome Web Store.
Note: Extensions installed from the Chrome Web Store in Chromium work identically to Chrome on any other platform.
DRM Content (Netflix, Spotify)
Chromium includes Widevine CDM support for DRM-protected content:
sh# Widevine should be included in the FreeBSD Chromium package # Verify by navigating to: # chrome://components # Look for "Widevine Content Decryption Module"
If Widevine is not present or not updating:
sh# Check if the component exists ls /usr/local/share/chromium/WidevineCdm/ 2>/dev/null
Netflix, Disney+, Spotify, and other DRM services should work once Widevine is loaded.
Useful Chrome URLs
shellchrome://flags -- Experimental features chrome://gpu -- GPU and graphics information chrome://sandbox -- Sandbox status chrome://components -- Component updates (Widevine, etc.) chrome://process-internals -- Process model details chrome://net-internals -- Network debugging chrome://tracing -- Performance tracing
Profiles
Chromium supports multiple profiles for separating work and personal browsing:
sh# Launch with a specific profile directory chrome --user-data-dir=~/.config/chromium-work & # Create a completely isolated instance chrome --user-data-dir=/tmp/chromium-temp --no-first-run &
Security Hardening
Given the sandboxing limitations on FreeBSD, additional hardening is worthwhile:
sh# Launch with stricter settings chrome \ --disable-background-networking \ --disable-client-side-phishing-detection \ --disable-default-apps \ --disable-extensions-except=/path/to/ublock \ --disable-hang-monitor \ --disable-popup-blocking \ --disable-prompt-on-repost \ --disable-sync \ --metrics-recording-only \ --no-first-run \ --safebrowsing-disable-auto-update \ &
In Chromium settings:
- Enable HTTPS-Only Mode
- Disable "Help improve Chrome's features and performance" (telemetry)
- Set "Do Not Track" to on
- Review Site Settings and restrict permissions (camera, microphone, notifications) to ask-by-default
Chromium vs Firefox: The FreeBSD Verdict
For FreeBSD specifically, Firefox is the stronger recommendation:
- Sandboxing: Firefox's process isolation is not as dependent on Linux-specific mechanisms as Chromium's. The security gap between Firefox-on-FreeBSD and Firefox-on-Linux is smaller than the gap between Chromium-on-FreeBSD and Chromium-on-Linux.
- Memory: Firefox uses meaningfully less memory, which matters on servers repurposed as workstations or on hardware with limited RAM.
- Privacy: Firefox's default tracking protection is stronger without additional configuration.
- Port maintenance: Both are well-maintained in FreeBSD ports, but Firefox tends to have fewer FreeBSD-specific patches needed.
Choose Chromium on FreeBSD if:
- You rely on Chrome-specific web applications
- You need Chrome DevTools specifically (though Firefox DevTools are comparable)
- You need better V8 JavaScript performance for specific web apps
- You are already heavily invested in the Chrome extension ecosystem
Troubleshooting
Chromium Will Not Start
sh# Run from terminal to see errors chrome --no-sandbox 2>&1 | head -50 # If it complains about shared memory: sysctl kern.ipc.shm_allow_removed=1 # Make permanent: echo 'kern.ipc.shm_allow_removed=1' >> /etc/sysctl.conf
No Audio
sh# Chromium expects PulseAudio pkg install pulseaudio pulseaudio --start # Or PipeWire with PulseAudio compatibility pkg install pipewire pipewire-pulse
GPU Errors
sh# Check chrome://gpu for error details # Try disabling GPU acceleration temporarily: chrome --disable-gpu & # If specific features cause crashes: chrome --disable-gpu-compositing &
High CPU Usage
sh# Check per-tab CPU usage # Shift+Esc inside Chromium opens the task manager # Or from the command line: top -p $(pgrep chrome | tr '\n' ',')
FAQ
Is Chromium safe to use on FreeBSD?
Chromium on FreeBSD provides weaker sandboxing than on Linux because FreeBSD lacks seccomp-bpf and Linux namespaces. For general web browsing, the risk is acceptable. For high-security environments, Firefox is the better choice on FreeBSD, or run Chromium inside a jail.
What is the difference between Chromium and Chrome on FreeBSD?
Chromium is the open-source project. Google Chrome adds proprietary components (Google sync, automatic updates, Widevine CDM bundling, crash reporting). Only Chromium is available on FreeBSD because Google does not release Chrome for FreeBSD.
Does Chromium support hardware video decoding on FreeBSD?
Yes, with VA-API and the correct flags. Install the appropriate VA-API driver for your GPU, then launch Chromium with --enable-features=VaapiVideoDecoder. Verify at chrome://gpu.
Can I install Chrome extensions in Chromium on FreeBSD?
Yes. Chromium can install extensions from the Chrome Web Store. The extension ecosystem is fully compatible.
Why does Chromium use more memory than Firefox?
Chromium creates separate processes for each site instance (not just each tab). This improves isolation and crash recovery but costs more memory. Firefox uses a shared-memory model for content processes that is more memory-efficient.
How do I update Chromium on FreeBSD?
shpkg upgrade chromium
Updates come through the regular FreeBSD package repository. Check for updates regularly, especially for security fixes.