Supermium

[mjd79]

I have reviewed Supermium versions 122 through 132 R1, and I believe that even if the theory about the older engine is true, it uses the same as Supermium 124, not 122. The 122 version differs too much in my opinion, if only in the imports and wrappers used (e.g. since version 124 uses APIs such as DiscardVirtualMemory) . Besides, going into chrome://versions on Supermium 122, 124, 126 R7 and 132 R1, I discovered that the latest version of Supermium probably uses the --no-sandbox flag by default under Windows 8.1, and in the version for older systems, as well as the version for Win 10 and 11, which interestingly continues to work after replacing DiscardVirtualMemory with VirtualAlloc.

Edited March 29 by mjd79

[Klemper]

23 hours ago, mjd79 said:

Besides, going into chrome://versions on Supermium 122, 124, 126 R7 and 132 R1, I discovered that the latest version of Supermium probably uses the --no-sandbox flag by default

It indeed runs without sandbox, people already started asking these inconvenient questions after D.Draker and you began to dig deeper into this browser. I knew there was something wrong with this browser, all those warnings about malware, now you discovered it has no sandbox, which is in the top of security risks!

Besides:

No smoke without fire! The first suggestion in the searches, Supermium and the word virus after it.

Edited March 30 by Klemper

[Klemper]

I fired up my old Vista notebook with CatsXP, it's based on the oldish Chromium 115, I had no troubles logging into Twitch, and zero warnings like described on github!

Again, Chromium 115 from two years ago has no troubles with Twitch! I suspect Supermium might even be older than @D.Draker thinks.

[mjd79]

Then the likelihood is that Supermium 124 and above are based on Chrome 111 or similar, and Supermium 122 and older are based on 110, 109 or even older.

Edit: As I see, I am not the only one who discovered this sandbox problem and it has already been reported on github. It will be interesting to see how the author responds to this.

https://github.com/win32ss/supermium/issues/1290

Edited March 30 by mjd79

[NotHereToPlayGames]

10 hours ago, Klemper said:

I suspect Supermium might even be older

 

1 hour ago, mjd79 said:

Then the likelihood is that Supermium 124 and above are based on Chrome 111 or similar, and Supermium 122 and older are based on 110, 109 or even older.

 

I kind of still think that this is an Unproven Hypothesis and akin to "misinformation".  Our one (and ONLY ONE?) variable is TWITCH.

All other sites are behaving as they should (even the British Gas site) once the end-user swaps the flag defaults that Supermium swapped behind the scene.

Seems we should be finding ways to PROVE this before we keep spreading it as "gospel".

[mjd79]

In any case, the disabled sandbox, without any information on github or in the browser itself (other than chrome://version or chrome://sandbox, which 99% of users will never look into), is simply a scandal!

https://no-sandbox.io/

Edited March 30 by mjd79

[Dave-H]

I'm well aware that deception is possible, but Supermium 126 appears legit when tested here.
It's spoofing version 130 in its default User Agent string, but we all knew that.
I don't know about version 132, as I haven't installed it yet.
I'm waiting for at least one more update before I do!

[NotHereToPlayGames]

2 hours ago, Dave-H said:

appears legit when tested here

I just did that test ( https://chromiumchecker.com/ ) using Supermium 132 and it passes all v132 and older checks, it fails v133 thru v135 pre-release checks.

Supermium 132 is "faking" user agent and client hints as pretending to be v133.

But *SMART WEB SITES* know better, LIKE THIS TEST SITE, all it takes is ONE javascript test to prove that a claimed user agent and client hints (despite them both "matching" each other) is actually FAKED.

I tested in Win10 with all default flags.  Will test in XP shortly.

Edited March 30 by NotHereToPlayGames

[NotHereToPlayGames]

6 minutes ago, NotHereToPlayGames said:

I tested in Win10 with all default flags.

Enabling experimental javascript and experimental web platform features results in chromiumchecker to PASS v135 pre-release checks and PASS one of the v133 checks, but still FAILS the v134 check.

[VistaLover]

1 hour ago, mjd79 said:

the disabled sandbox, without any information on github

... Please, STOP spreading untruths! The code is there on GitHub for those willing to read it; after all, Supermium is still OPEN source (minus the wrapper DLLs, that is): 

https://github.com/win32ss/supermium/issues/1290#issuecomment-2764577016

[VistaLover]

1 hour ago, Dave-H said:

It's spoofing version 130 in its default User Agent string

126-r7 spoofs v132, for better webcompat  : 

[NotHereToPlayGames]

18 minutes ago, NotHereToPlayGames said:

Will test in XP shortly.

IDENTICAL results in XP.

Personally, all of this "chitter-chatter" hinting/suggesting/accusing Supermium of being an older engine is FALSE, "misinformation", and "slanderous".

None of us do MSFN any "justice" when all we do is go around "following" our 'favorite Lemming' over the cliff.  My two cents...

[NotHereToPlayGames]

7 minutes ago, VistaLover said:

126-r7 spoofs v132, for better webcompat

That seems perfectly fair and legit.  Afterall, all of Roytam's and Feodor's releases spoof useragent overrides for the same exact "better webcompat" reasons.

[mjd79]

12 minutes ago, VistaLover said:

... Please, STOP spreading untruths! The code is there on GitHub for those willing to read it; after all, Supermium is still OPEN source (minus the wrapper DLLs, that is): 

https://github.com/win32ss/supermium/issues/1290#issuecomment-2764577016

Ok, you can find information about this in the source code, but there should be mentions with the releases themselves that Supermium 132 is much less secure than 126 with a working sandbox.

[Dave-H]

50 minutes ago, VistaLover said:

126-r7 spoofs v132, for better webcompat  : 

Ah right, I'm still using R6.