1 year ago
#359868
inktrap
Chromium and chrome driver Release verification and API usage docs
:)
Is it possible to verify chromedriver and chromium builds by sha256 or sha512 or a similarly secure checksum? Version selection (https://chromedriver.chromium.org/downloads/version-selection) doesn't mention this and also the chromedriver release I want to use (https://chromedriver.storage.googleapis.com/index.html?path=99.0.4844.51%2F) has no shasum nor gpg signatures. Am I overlooking something?
Secondly, the googleapi seems to allow various other methods and an md5 checksum (which is insecure, I know) but I can't even seem to query that for a chromium build? Where is this documented?
I know I can query a release:
- I can get this overview: https://www.googleapis.com/storage/v1/b/chromium-browser-snapshots/o
- I can query this to get the latest change: https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2FLAST_CHANGE?alt=media
- and download some REVISION by calling: https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F$REVISION%2Fchrome-linux.zip?alt=media
But what else can I query? Google has some docs about their googleapi-usage but I didn't see how their docs for the storage API apply to this.
Drive-by-downloads are THE main attack vector for e.g. intrusive governments to bug people.
I also posted this to the chromium user (google) group, but got no reply yet. If this is against some SO rule that wasn't my intention (https://groups.google.com/g/chromedriver-users/c/46aqmfFUDOA).
And last but not least: Would it be useful to publish checksums by myself (for let's say the last even version) via a GitHub project? Or maybe even mirror the releases via GH releases?
selenium-chromedriver
chromium
release
checksum
verification
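Added example, not part of the original post and not Chromium project code: in the Cloud Storage JSON API, requesting an object URL without `?alt=media` returns metadata JSON whose `size` is a decimal string and whose `md5Hash` is a base64-encoded digest. The sketch below checks a downloaded body against such metadata and against a SHA-256 pin recorded out of band; the sample metadata, body and pin are constructed, `check_download` is a hypothetical helper, and it is an assumption that this bucket returns `md5Hash` for the object in question.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample: shaped like the JSON the Cloud Storage objects endpoint
# returns when "?alt=media" is left off. Values are for the bytes b"hello world".
SAMPLE_METADATA = json.loads("""
{
  "name": "Linux_x64/REVISION/chrome-linux.zip",
  "bucket": "chromium-browser-snapshots",
  "size": "11",
  "md5Hash": "XrY7u+Ae7tCTyyK7j1rNww=="
}
""")
SAMPLE_BODY = b"hello world"  # constructed stand-in for the downloaded zip
# Constructed pin: SHA-256 of SAMPLE_BODY, as if recorded out of band earlier.
SAMPLE_PIN = "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"


def check_download(body: bytes, metadata: dict, pinned_sha256: str) -> dict:
    """Compare a downloaded body with bucket metadata and a local SHA-256 pin."""
    # "size" is a decimal string in the metadata JSON.
    size_ok = len(body) == int(metadata["size"])
    # "md5Hash" is the base64 of the raw 16-byte digest, not a hex string.
    # It can be absent (composite objects), so treat that as "not checked".
    md5_ok = None
    if "md5Hash" in metadata:
        expected = base64.b64decode(metadata["md5Hash"])
        md5_ok = hmac.compare_digest(hashlib.md5(body).digest(), expected)
    # The MD5 comes from the same server as the file, so it only catches
    # corruption. The pin is the check that detects a swapped binary.
    sha256_hex = hashlib.sha256(body).hexdigest()
    pin_ok = hmac.compare_digest(sha256_hex, pinned_sha256.lower())
    accepted = size_ok and md5_ok is not False and pin_ok
    return {"size_ok": size_ok, "md5_ok": md5_ok, "pin_ok": pin_ok,
            "sha256": sha256_hex, "accepted": accepted}


if __name__ == "__main__":
    print(check_download(SAMPLE_BODY, SAMPLE_METADATA, SAMPLE_PIN))
    print(check_download(b"hello w0rld", SAMPLE_METADATA, SAMPLE_PIN))
```

The `sha256` value in the result is what a self-published checksum list would record for a release.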
0 Answers