Questions About Vivaldi's Approach To Security

Logo of Vivaldi Browser

The Finding

While testing Vivaldi, I came across one of its shortcomings, which is it's long interval to update the browser. The browser takes a long time to introduce new updates, which is understandable as it's a fairly new company, and has less employees working on it. That can be seen, as there is only one channel of the browser, apart from the stable release, which it calls 'Snapshots', in other browsers that is 'Beta' and is one version of ahead of the stable release. Other major browsers have got more channels like Canary/Nightly and Dev, but Vivaldi seems to have these missing.

The problem I found was (at the time of writing, is) Vivaldi didn't updated to Chromium 97, which was released earlier this year on 4th January, and continues to ship on Chromium 96 after almost one month of Chromium 97 coming out. The release fixed 38 security vulnerabilities, including 1 critical fix and 11 other high level fixes. These updates are necessary for a mainstream Chromium-based browser to provide its users a secure experience over the web.

The Step I Took

After not seeing the update come after waiting for a month, and the next Chromium release - Chromium 98 was to be released on 1st February, I became impatient and asked the Vivaldi team in their official Telegram channel when will they update to Chromium 97 and then to Chromium 98? One of the devs told that Vivaldi Snapshots are already Chromium 98 powered and the next Vivaldi stable release will directly jump to Chromium 98.

A picture showing the Telegram message of the issue

What this means is Vivaldi skipped a major Chromium release for a month for all of its users. This wasn't expected from a browser maker, which wants to enter in the mainstream browser market. The security of the browser really counts and skipping a major Chromium release was (at the time of writing, is) a really questionable decision to its users' safety and is unacceptable as one month is enough for a browser to make all the tests and update it. This made me realize not to recommend Vivaldi as a safe choice, and made me leave this browser.




MIT License

Privacy Policy