I’m a recent GrapheneOS convert, and not a security researcher, so I can’t give you particularly deep insight. And I’m not quite sure what sort of opinions you’re looking for, so I’ll give you my general impressions
Vanadium disables JIT compilation, which supposedly accounts for a large percentage of browser exploits. Blink-based browsers in general are more equipped to deal with hostile sites and scripts, with better exploit mitigations and proper site isolation. I have no doubt they’re doing a good job in securing the browser. Brave is likely ahead in anti-fingerprinting and implements content-blocking while perhaps not having the same exploit mitigations, because Vanadium has been more security-focused until now. Vanadium is also simpler than Brave, which has a lot of features (even on mobile), so this could reduce attack surface.
Regular web surfers might expect content blocking to be included in the browser, but Vanadium does not provide this. It also does not allow you to install extensions, but given that I’m coming from iOS…I’m not missing anything. Vanadium plans to eventually implement content-blocking. This marks the first time I’ve seen an advertisement on the web in months.
However, Vanadium gives you no way to turn off browsing history without going into incognito mode, which also doesn’t let you persist cookies. This is, in general, a bizarre blind spot in browsers based on the Blink engine. Even the desktop browsers don’t let you turn off history without going into incognito mode, though they at least let you only keep it for the session.
The only issue with browsing in incognito mode in Vanadium, besides lack of cookies, is the inability to create a PWA in that mode. I really don’t know why you can’t do that. You can even open PWAs in incognito mode by turning on “Open links in incognito”. Another glaring omission, though this is intentional because upstream Android Chromium doesn’t do this, is the inability to add custom search engines. Vanadium needs to pick this up from the OpenSearch metadata; you can’t just add a new URL like in Firefox. This is still far better than Safari, which doesn’t provide any way of adding search engines outside of the blessed list of Bing, Google, and Bing-by-proxy. I wish they at least gave you Wikipedia, too…
I’ve always been a big fan of Firefox. Allowing you to just turn off history without messing with cookies is great. You can also delete cookies individually, rather than “in the last hour” or “last day” or “last 7 weeks”, which is as far as most desktop Blink-based browsers will go. But I also much prefer the design of Firefox and the ability to add a dedicated search box instead of only using the omnibar like every modern browser forces you to do. The dedicated search box makes it far easier to switch between search engines, which is something I do a lot (though I also use the omnibar for search shortcuts like Wikipedia).
I’m really not much of a phone user, though, so I’m not that picky about browsers. Even when I do use my phone, I am rarely using the browser (more likely, I am doing things that can only be done on apps), so Vanadium is just fine for me. The big differences in usability come into play more in the desktop version of Firefox. One thing that does bug me on Vanadium is how the tab button is at the top, rather than directly above the 3rd Android navigation button. It would be nice to have it at the bottom. Oh, and it would be nice to have the ability to turn off web fonts…
Also, Firefox is not a great choice if you’re coming at it from a security perspective, because as mentioned, Blink-based browsers are ahead in exploit mitigations. I haven’t looked at Bromite, but Vanadium is a great choice for GrapheneOS users. I haven’t seen any reason to seek out another browser; and if I did, it certainly wouldn’t be for better security.
Edit: Oh, and based on the app description, it is intended for use mainly with GrapheneOS. You won’t get some of the security benefits if you try to use it with regular Android:
Vanadium is a privacy and security hardened variant of Chromium providing the WebView (used by other apps to render web content) and standard browser for GrapheneOS. It depends on hardening and compatibility fixes in GrapheneOS rather than reinventing the wheel inside Vanadium. For example, GrapheneOS already provides a hardened malloc implementation so there’s no need for Vanadium to replace it. Similarly it can deploy security features causing breakage on other operating systems due to the ability to fix compatibility problems in the OS.