Well, don’t get caught up in unimportant distinctions. Security vs. privacy depends on the relationships between the subject of data, the holder of data and those seeking to use the data. Consider the relationships between browser end users, Google, and the parties who provide Google’s revenue. If we want to distinguish privacy from security here, we have to argue about how to characterize these relationships and hash through the details of the flow of data. It’s pointless and unhelpful.
I would trust Chrome to flash GrapheneOS to my Pixel — that's security.
I do not trust it not to report back that I use GrapheneOS, or which internet communities I visit, back to Google for use in who knows what data correlation research — that's privacy.
But I wonder what your definitional difference is.
I think a security issue is one that allows another party to take information or property you have without your consent, and use it for their gain without regard for the harm it may do to you or others.
It's arguable, but I believe that's at the core of Google's business model with regard to Chrome users.
