Lixiris Firefox sends data to multiple Google services by default and Vanadium does not, so you have that backwards.
Firefox on mobile and Mull have no sandboxing. Mull is not security hardened but rather privacy hardened.
BluishHumility Vanadium fully intends to add substantial privacy features. It already has added privacy features and is in the process of adding much more. It takes us longer to do these things since we care about doing them properly. We want to avoid having huge holes in the state partitioning for cookies.
missing-root That's wrong about Vanadium. It does reduce the device information that's sent by forcing the frozen user agent header and using fake values for client hints based on it.
Vanadium does have state partitioning and anti-fingerprinting improvements which are being expanded. Anti-fingerprint doesn't actually work when using any niche browser or niche configuration though, only a mainstream browser on a small set of hardware models with partitioning by default can hope to prevent easy fingerprinting. Safari is the only candidate for that. Firefox with custom settings is more easily fingerprintable, not less. We're in the process of implementing full state partitioning including support for fully partitioned cookies instead of very weakly partitioned cookies like Safari, Brave and Firefox with major bypasses to keep sites working. We can do that by default, but with a simple toggle for full partitioning.
Chromium doesn't really use malloc. They reroute everything to PartitionAlloc. Vanadium has memory tagging enabled for PartitionAlloc when available (Pixel 8 and Pixel 8 Pro), unlike other Chromium-based browsers. We plan to add more hardening to PartitionAlloc just like we've added hardening that's now partially upstream for the Linux kernel slab allocator. It would be better to outright replace these allocators as we do with the main allocator in the OS (malloc) but we can't do everything ourselves with our limited resurces.