Not really anymore. Mozilla has been doing a lot here in recent months, too. The foundation for most of these performance improvements is the recent introduction of multiprocess, which also allowed them to introduce sandboxing in many more places.
To my knowledge, the only bigger architectural difference now is that Chrome sandboxes each tab individually, unless they're from the same domain as another tab, whereas Firefox by default only uses as many processes as you have CPU cores and then round-robins your tabs among those.
This is for performance reasons: You still get almost the same parallelism, but much less RAM usage especially with lots of tabs, and then that free RAM can again be used to speed things up elsewhere.
You can however configure this. Set dom.ipc.processCount in about:config to as many processes as you want to maximally use. If you set it to a really high number, like 1000, then it will create a new process for each tab (until you open your 1001st tab) and those will then all be individually sandboxed.
Another big security difference were extensions. Firefox previously with the classic Linux approach of "If it's installed, it's trusted".
Now they have the same extension model as Chrome with a number of additional APIs. Those APIs are potential security holes, but also allow the implementation of better security, for example NoScript is being ported to Firefox 57, still can't be ported to Chrome.
Well, and then going away from the model itself, Mozilla enables much better security on the extension side, again with the Linux approach, by reviewing extensions and extension updates before they allow the publication. I'd have no concern with my mum installing whatever extension she wants in her Firefox. With Chrome, I would be concerned.
Lastly, only some of us are security super humans. Chrome always gives an option for security to calm security people, but if it benefits Google, they'll leave this option off by default, even if it should clearly be default on.
For example Sync in Firefox is end-to-end-encrypted by default. Only one password needed. In Chrome, it's not. Because Google wants to evaluate your browsing history, bookmarks etc. You can have E2EE, but you need to separately enable it and use a second password for it.
Again, fine for security super humans, but the fewest of us understand browsers enough to know about all potential security holes and we simply do need to rely on browser vendors for our own security.
Don't think Google has actually fixed that Auto-Fill phishing attack either yet, which comes up around here every half year or so.
To my knowledge, the only bigger architectural difference now is that Chrome sandboxes each tab individually, unless they're from the same domain as another tab, whereas Firefox by default only uses as many processes as you have CPU cores and then round-robins your tabs among those.
This is for performance reasons: You still get almost the same parallelism, but much less RAM usage especially with lots of tabs, and then that free RAM can again be used to speed things up elsewhere.
You can however configure this. Set dom.ipc.processCount in about:config to as many processes as you want to maximally use. If you set it to a really high number, like 1000, then it will create a new process for each tab (until you open your 1001st tab) and those will then all be individually sandboxed.
Another big security difference were extensions. Firefox previously with the classic Linux approach of "If it's installed, it's trusted".
Now they have the same extension model as Chrome with a number of additional APIs. Those APIs are potential security holes, but also allow the implementation of better security, for example NoScript is being ported to Firefox 57, still can't be ported to Chrome.
Well, and then going away from the model itself, Mozilla enables much better security on the extension side, again with the Linux approach, by reviewing extensions and extension updates before they allow the publication. I'd have no concern with my mum installing whatever extension she wants in her Firefox. With Chrome, I would be concerned.
Lastly, only some of us are security super humans. Chrome always gives an option for security to calm security people, but if it benefits Google, they'll leave this option off by default, even if it should clearly be default on.
For example Sync in Firefox is end-to-end-encrypted by default. Only one password needed. In Chrome, it's not. Because Google wants to evaluate your browsing history, bookmarks etc. You can have E2EE, but you need to separately enable it and use a second password for it.
Again, fine for security super humans, but the fewest of us understand browsers enough to know about all potential security holes and we simply do need to rely on browser vendors for our own security.
Don't think Google has actually fixed that Auto-Fill phishing attack either yet, which comes up around here every half year or so.