Chromium/Tips and tricks
Related articles
Contents
-
1 Browsing experience
- 1.1 chrome://xxx
- 1.2 Chromium task manager
- 1.3 Broken icons in Download tab
- 1.4 Chromium overrides/overwrites Preferences file
- 1.5 Search engines
- 1.6 Tmpfs
- 1.7 Launch a new browser instance
- 1.8 Directly open *.torrent files and magnet links with a torrent client
- 1.9 Touch Scrolling on touchscreen devices
- 1.10 Reduce memory usage
- 1.11 User Agent
- 1.12 DOM Distiller
- 1.13 Forcing specific GPU
- 2 Profile maintenance
- 3 Security
- 4 Making flags persistent
- 5 See also
Browsing experience
chrome://xxx
A number of tweaks can be accessed via typing chrome://xxx in the URL field. A complete list is available by typing chrome://chrome-urls into the URL field. Some of note are listed below:
- chrome://flags - access experimental features such as WebGL and rendering webpages with GPU, etc.
- chrome://extensions - view, enable and disable the currently used Chromium extensions.
- chrome://gpu - status of different GPU options.
- chrome://sandbox - indicate sandbox status.
- chrome://version - display version and switches used to invoke the active
/usr/bin/chromium
.
An automatically updated, complete listing of Chromium switches is available here.
Chromium task manager
Shift+ESC can be used to bring up the browser task manager wherein memory, CPU, and network usage can be viewed.
Broken icons in Download tab
If Chromium shows icon placeholders (icons representing broken documents) instead of appropriate icons in its Download tab, the likely cause is that the adwaita-icon-theme package is not installed.
Chromium overrides/overwrites Preferences file
If you enabled syncing with a Google Account, then Chromium will override any direct edits to the Preferences file found under $HOME/.config/chromium/Default/Preferences
. To work around this, start Chromium with the --disable-sync-preferences
switch:
$ chromium --disable-sync-preferences
If Chromium is started in the background when you login in to your desktop environment, make sure the command your desktop environment uses is:
$ chromium --disable-sync-preferences --no-startup-window
Search engines
Make sites like wiki.archlinux.org and wikipedia.org easily searchable by first executing a search on those pages, then going to Settings > Search and click the Manage search engines.. button. From there, "Edit" the Wikipedia entry and change its keyword to w (or some other shortcut you prefer). Now searching Wikipedia for "Arch Linux" from the address bar is done simply by entering "w arch linux".
Tmpfs
Cache in tmpfs
To limit Chromium from writing its cache to a physical disk, one can define an alternative location via the --disk-cache-dir=/foo/bar
flag:
$ chromium --disk-cache-dir=/tmp/cache
Cache should be considered temporary and will not be saved after a reboot or hard lock. Alternatively, use:
/etc/fstab
tmpfs /home/username/.cache tmpfs noatime,nodev,nosuid,size=400M 0 0
Profile in tmpfs
Relocate the browser profile to a tmpfs filesystem, including /tmp
, or /dev/shm
for improvements in application response as the entire profile is now stored in RAM.
Use an active profile management script for maximal reliability and ease of use.
profile-sync-daemonAUR is such a script and is directly available from the AUR. It symlinks and syncs the browser profile directories to RAM. Refer to the Profile-sync-daemon wiki article for additional information on it.
Launch a new browser instance
When you launch the browser, it first checks if another instance using the same profile is already running. If there is one, the new window is associated with the old instance. To prevent this, you can specifically ask the browser to run with a different profile.
$ chromium --user-data-dir=<PATH TO A PROFILE>
Directly open *.torrent files and magnet links with a torrent client
By default, Chromium downloads *.torrent
files directly and you need to click the notification from the bottom-left corner of the screen in order for the file to be opened with your default torrent client. This can be avoided with the following method:
- Download a
*.torrent
file. - Right-click the notification displayed at the bottom-left corner of the screen.
- Check the "Always Open Files of This Type" checkbox.
See xdg-open to change the default assocation.
Touch Scrolling on touchscreen devices
You may need to specify which touch device to use. Find your touchscreen device with xinput list
then launch Chromium with the --touch-devices=x
parameter, where "x" is the id of your device.
Reduce memory usage
By default, Chromium uses a separate OS process for each instance of a visited web site. [1] However, you can specify command-line switches when starting Chromium to modify this behaviour.
For example, to share one process for all instances of a website:
$ chromium --process-per-site
To use a single process model:
$ chromium --single-process
In addition, you can suspend or store inactive Tabs with extensions such as Tab Suspender and OneTab.
User Agent
The User Agent can be arbitrarily modified at the start of Chromium's base instance via its --user-agent="[string]"
parameter.
DOM Distiller
Chromium has a similar reader mode to Firefox. In this case it's called DOM Distiller, which is an open source project.
All you need to do is run Chromium with the --enable-dom-distiller
flag to unlock the "Distill page" menu option or you can even make it persistent.
Not only does DOM Distiller provide a better reading experience by distilling the content of the page, it also simplifies pages for print. Even though the latter checkbox option has been removed from the print dialog, you can still print the distilled page, which basically has the same effect.
Running the upper flag, you will find a new "Distill Page" menu item.
You can reach the internal debug page by visiting chrome://dom-distiller
Forcing specific GPU
In multi-GPU systems, Chromium automatically detects which GPU should be used for rendering (discrete or integrated). This works 99% of the time, except when it doesn't - if a unavailable GPU is picked (for example, discrete graphics on VFIO GPU passthrough-enabled systems), chrome://gpu
will complain about not being able to initialize the GPU process. On the same page below Driver Information there'll be multiple GPUs shown (GPU0, GPU1, ...). There's no way to switch between them in a user-friendly way, but you can read the device/vendor IDs present there and configure Chromium to use a specific GPU with flags:
$ chromium --gpu-testing-vendor-id=0x8086 --gpu-testing-device-id=0x1912
...where 0x8086
and 0x1912
is replaced by the IDs of the GPU you want to use (as shown on the chrome://gpu
page).
Profile maintenance
Chromium uses SQLite databases to manage history and the like. Sqlite databases become fragmented over time and empty spaces appear all around. But, since there are no managing processes checking and optimizing the database, these factors eventually result in a performance hit. A good way to improve startup and some other bookmarks- and history-related tasks is to defragment and trim unused space from these databases.
profile-cleanerAUR and browser-vacuumAUR in the AUR do just this.
Security
WebRTC
WebRTC is a communication protocol that relies on JavaScript that can leak one's actual IP address and hardware hash from behind a VPN. While some software may prevent the leaking scripts from running, it's probably a good idea to block this protocol directly as well, just to be safe. As of October 2016, there is no way to disable WebRTC on Chromium on desktop, there are extensions available to disable local IP address leak, one is this extension.
One can test WebRTC via this page.
SSL certificates
Chromium does not have an SSL certificate manager. It relies on the NSS Shared DB ~/.pki.nssdb
. In order to add SSL certificates to the database, users will have to use the shell.
Adding CAcert certificates for self-signed certificates
Grab the CAcerts and create an nssdb
, if one does not already exist. To do this, first install the nss package, then complete these steps:
$ mkdir -p $HOME/.pki/nssdb $ cd $HOME/.pki/nssdb $ certutil -N -d sql:.
$ curl -k -o "cacert-root.crt" "http://www.cacert.org/certs/root.crt" $ curl -k -o "cacert-class3.crt" "http://www.cacert.org/certs/class3.crt" $ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org" -i cacert-root.crt $ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org Class 3" -i cacert-class3.crt
Now users may manually import a self-signed certificate.
Example 1: Using a shell script to isolate the certificate from TomatoUSB
Below is a simple script that will extract and add a certificate to the user's nssdb
:
#!/bin/sh # # usage: import-cert.sh remote.host.name [port] # REMHOST=$1 REMPORT=${2:-443} exec 6>&1 exec > $REMHOST echo | openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "$REMHOST" -i $REMHOST exec 1>&6 6>&-
Syntax is advertised in the commented lines.
References:
- http://blog.avirtualhome.com/adding-ssl-certificates-to-google-chrome-linux-ubuntu
- https://chromium.googlesource.com/chromium/src/+/master/docs/linux_cert_management.md
Example 2: Using Firefox to isolate the certificate from TomatoUSB
The firefox browser can be used to save the certificate to a file for manual import into the database.
Using firefox:
- Browse to the target URL.
- Upon seeing the "This Connection is Untrusted" warning screen, click: I understand the Risks > Add Exception...
- Click: View > Details > Export and save the certificate to a temporary location (
/tmp/easy.pem
in this example).
Now import the certificate for use in Chromium:
$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "easy" -i /tmp/easy.pem
Reference:
Canvas Fingerprinting
Canvas fingerprinting is a technique that allows websites to identify users by detecting differences when rendering to an HTML5 canvas. This information can be made inaccessible by using the --disable-reading-from-canvas
flag.
To confirm this is working run this test and make sure "hash of canvas fingerprint" is reported as undetermined in the full results.
Privacy extensions
Popular privacy extensions for the Firefox browser are typically also available for Chromium. See Firefox/Privacy#Extensions for details.
ScriptBlock
ScriptBlock is similar to NoScript, which is a Firefox add-on. Both extensions stop a website from executing any kind of JavaScript. However, ScriptBlock is a much simpler design thus it's easier to use. It blocks JavaScript by default. You can allow and temporary allow JavaScripts. Once you allow them to run, it lets all the JavaScripts run on that page so you might want ScriptBlock to work in conjunction with Privacy Badger.
It's also worth checking it's default whitelist, which might be permissive to you.
Extension is available in the Chrome Web Store: ScriptBlock
ScriptSafe
ScriptSafe is a browser extension that gives users control of the web and more secure browsing while emphasizing simplicity and intuitiveness.
Check it on GitHub
Extension is available in the Chrome Web Store: ScriptSafe
Vanilla Cookie Manager
A Cookie Whitelist Manager for Chrome that helps protect your privacy. Automatically removes unwanted cookies. Cookies can be used for authentication, storing your site preferences or anything else that can be saved as text data. Unfortunately they can also be used to track you.
You could turn off cookies completely or just shut off third-party cookies. But that would also keep out useful cookies that many web apps rely upon to work (like Google Mail or Calendar).
With Vanilla you can select which cookies you want to keep on a whitelist. All unwanted cookies are deleted automatically (or manually if you prefer).
Vanilla Cookie Manager on GitHub
Extension is available in the Chrome Web Store: Vanilla Cookie Manager
Do Not Track
Chromium's 'Do Not Track' option is turned off by default.
To enable it, visit chrome://settings
, scroll down to Show advanced settings... and under Privacy, check Send a "Do Not Track" request with your browsing traffic.
Making flags persistent
You can put your flags in a chromium-flags.conf
file under $HOME/.config/
(or under $XDG_CONFIG_HOME
if you have configured that environment variable).
No special syntax is used; flags are defined as if they were written in a terminal.
- The arguments are split on whitespace and shell quoting rules apply, but no further parsing is performed.
- In case of improper quoting anywhere in the file, a fatal error is raised.
- Flags can be placed in separate lines for readability, but this is not required.
- Lines starting with a hash symbol (#) are skipped.
Below is an example chromium-flags.conf
file that defines the flags --start-maximized --incognito
:
# This line will be ignored. --start-maximized --incognito
See also
- Profile-sync-daemon - Systemd service that saves Chromium profile in tmpfs and syncs to disk
- Tmpfs - Tmpfs Filesystem in
/etc/fstab
- Official tmpfs kernel Documentation