Debian Repo Saves the Day!
Debian still maintains Chromium as a regular package in their APT repository. We can configure Ubuntu to get it from there, and continue to receive timely security updates along with all of our other OS updates. This makes sense from a security perspective, since Debian is where Ubuntu already gets most of its packages, and is a very well known high-profile project. There is no need to risk installing software from some random source or telling your system to trust a PPA.
Obligatory Warning: This is entirely unsupported and could conceivably cause problems either immediately or in the future. If you break something, it's your own fault.
Here's what I did on Ubuntu 19.10:
sudo apt update && sudo apt upgrade
That brings all my already-installed Ubuntu packages up to date, so it will be easier to see how upgrades are affected after I make my changes.
snap remove chromium
Bye bye, annoying snap.
sudo apt purge chromium-browser chromium-chromedriver
Bye bye, fake Chromium packages. (You can leave out the chromium-chromedriver part if that package isn't installed on your system.)
umask 22
That just makes sure that the files I create will be readable by everyone, including the system.
Create an /etc/apt/sources.list.d/debian-stable.list file containing:
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian stable main
deb-src [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian stable main
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian-security/ stable/updates main
deb-src [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian-security/ stable/updates main
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian stable-updates main
deb-src [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian stable-updates main
That tells apt to look for packages not only in the Ubuntu archives, but also in the Debian stable archives. This is ordinarily a bad idea, because you don't want hundreds of random Ubuntu packages being replaced with Debian versions, which would very likely break your system. However, we're going to add some rules to avoid this problem.
Note: The /usr/share/keyrings/debian-archive-keyring.gpg file referenced above, along with several other Debian keyring files, are already present on my Ubuntu system thanks to the debian-archive-keyring package. It may already be on your system, too, but if not, you should install it: sudo apt install debian-archive-keyring
Create an /etc/apt/preferences.d/debian-chromium file containing:
Explanation: Allow installing chromium from the debian repo.
Package: chromium*
Pin: origin "*.debian.org"
Pin-Priority: 100
Explanation: Avoid other packages from the debian repo.
Package: *
Pin: origin "*.debian.org"
Pin-Priority: 1
The first stanza assigns a below-normal priority to Debian Chromium packages; just high enough to allow them to be manually installed and automatically updated, but not high enough to be preferred over Ubuntu packages. This is called apt pinning, and is described in the apt_preferences manual. The second stanza assigns a very low priority to all other Debian packages, so they will only be automatically installed or updated if necessary to satisfy a dependency.
(I suppose I could have assigned a much higher priority to Debian's Chromium packages if I needed them to override Ubuntu's, but since they use different package names, no overriding is necessary. I could also have pinned all of the Debian repo at priority 100; that would make any Debian-only dependencies eligible for automatic updates, effectively treating the Debian repo like Ubuntu Backports in manual install mode. I chose the more conservative approach just to be cautious.)
sudo apt update
That refreshes the package database, so my Ubuntu system now knows about everything in the Debian archives that I added.
apt upgrade --simulate
That shows me what a system-wide package upgrade would do, without actually doing it. Since I already did an upgrade before making any changes, I don't expect to see any upgradable packages listed here.
If one or two upgradable packages were listed, it could mean that Ubuntu happened to release some updates while I was working, which is normal. I would ask apt where each of those updates come from before proceeding, with apt policy package-name. If any of them were from the Debian archives, I would consider reverting my changes, by removing the files I created and running sudo apt update again.
If many upgradable packages were listed, it would probably mean that apt now thinks Debian's packages are valid replacements for Ubuntu's packages, which I do not want. This would happen if I made a mistake in those files I created. I would revert my changes, by removing the files I created and running sudo apt update again. I might then consider starting over and typing more carefully.
All was well at this point (no upgradable packages were listed), so I proceeded.
sudo apt install chromium
The package manager then asked me to confirm, listing chromium and a small handful of dependency packages needed by Chromium. Once again, if many packages were listed here, I would investigate and consider reverting my changes. (I investigated each dependency anyway, because I'm careful, and found that only one of the dependencies was coming from the Debian archive: libjpeg62-turbo, and it doesn't conflict with anything I have installed.) All looked well, so I told the package manager to proceed.
When it finished, Chromium was finally installed as an apt package. Thanks, Debian maintainers!
I don't use any snaps, so the next thing I did was to look in the snap directory in my home dir, make sure there was nothing in there that I needed, and then drop it in the trash. If you want to do the same, consider first that any user data that you created/modified/saved in Chromium since the snap was first installed lives somewhere under that snap folder. (Probably under snap/chromium/current/.config which is hidden by default in most file managers.) You might want to back it up or move it to chromium's usual data directory: $HOME/.config/chromium. In my case, the Chromium data that I wanted to keep was still in its old/usual place, since I had only used the snap for about five minutes.
That's it. I hope it helps someone. If it damages your system, steals your bike, runs off with your boyfriend, or does something else that you don't like, then I'm sorry, but it's still your own responsibility.
Good luck!
Best Answer
According to Firejail's man page which you can access by the command
man firejail, they do not support snap packages.