Hacker News
by aj3 1921 days ago
> Setup cwm, some XTerms, Otter Browser/Chromium, and done.

Chrome patched three high-priority security vulnerabilities last week. And OpenBSD 6.8 hasn't rebuilt their package since October 1, unless I'm missing something: https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.8/packages/...

1 comments

OpenBSD 6.8-stable packages are in a different directory, the ones you linked are -release packages which are unchanged since OpenBSD 6.8 was released.

https://cdn.openbsd.org/pub/OpenBSD/6.8/packages-stable/

The OpenBSD package tools will automatically prefer newer packages from this location.

That being said, this is a best effort, not all packages receive updates, security fixes for chromium cannot be backported to 6.8-stable due to significant changes between versions, and it would be a major burden for the maintainers to update to later versions without potentially also needing to update other ports dependencies. ABI breakages cannot happen on -stable.

There are newer versions of chromium available for users who follow -current and are running 6.9-beta snapshots.

https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/

Yeah, well that's kind of my point. Recommending new users to install stable OpenBSD as their work/home PC/laptop is irresponsible, especially if the lack of updates (presented as stability / ease of maintenance) is explicitly mentioned.

Who's recommending it? It's up to the user to decide whether to stick with -release/-stable, with the understanding that packages won't see significant updates or new features until they upgrade to the next release in 6 months. But they have the option of following -current and testing the same snapshots developers are running on their laptops, and they can even help contribute so that the next release has even more tested and up-to-date packages.

The OpenBSD documentation does not really make that balance clear to the new user though. And of course there is no mechanism for regular updates either.

> New users should be running either -stable or -release.

https://www.openbsd.org/faq/faq5.html

EDIT: Haven't used OpenBSD in a while, but unless I'm misreading https://www.openbsd.org/faq/faq10.html, syspatch & binary patches only apply for release branches - in which case you would need to either deal with obsolete packages or compile them yourself. On the other hand, if you were to track the -stable branch you would get semi-regular binary packages (not everything, for example no chromium, but at least you get firefox), but in that case syspatch won't work and you'd need to recompile kernel & userland.

Also, exactly which packages get updates is completely non-transparent for the end user if they follow official instructions.

> And of course there is no mechanism for regular updates either.

Not true. There is both syspatch(8) to apply binary updates and sysupgrade(8) to upgrade to the next release or snapshot. And there are regular packages available for -stable and -current.

> New users should be running either -stable or -release. That being said, many people do run -current on production systems to help catch bugs and test new features.

Is the full quote from the page you linked. I won't reply to you further as it's clear from other replies here you have an agenda.

But neither syspatch nor sysupgrade applies to the stable branch, meaning you'll be running release and if that's how you're keeping your desktop system updated - you're definitely using a vulnerable browser, as in this scenario neither firefox nor chromium will get updated until the next release.

current branch is very clearly not meant for new users, that's mentioned in various faqs multiple times.