Chromium is far more secure than Firefox. Firefox's sandboxing and exploit mitigations are much poorer than Chromium's. This article is not blindly hating on Firefox but is a factual analysis of its weaknesses.
Sandboxing is a technique used to isolate certain programs to prevent a vulnerability in them from compromising
the rest of the system. All common browsers nowadays include a sandbox. The browser splits itself up into different
processes (e.g. the content process, GPU process, etc.) and sandboxes them individually. It is very important
that a browser uses a sandbox. Otherwise, any exploit in the browser can be used to take over the rest of the system.
With a sandbox, they would need to chain their exploit with an additional sandbox escape vulnerability.
However, sandboxes are not black and white. Just having a sandbox doesn't do much if it's full of holes.
Firefox's sandbox is quite weak for the following reasons:
isolatedProcess
feature along with a more strict seccomp-bpf filter.
Exploit mitigations are self-explanatory. They mitigate certain types of exploits. Firefox lacks many important mitigations while Chromium generally excels in this area.
Firefox does have some parts written in Rust, a memory-safe language,
but the majority of the browser is still written in memory-unsafe languages so this isn't anything substantial and
Chromium is working on switching to memory-safe
languages too.
Firefox also uses RLBox but this
is only used to sandbox a single library, Graphite and again, is not anything substantial.