Chromium is technically free software, yes, but it's a horrible example of it. Because Google entirely controls code contributions to it. Only a fork could be amended the way that the community wants it.

The same is obviously true for Firefox, with Mozilla being the gatekeeper, but this is where non-profit vs. for-profit does come back into play.

As for bad things in Chromium, as well as a fork that tries to fix it: https://github.com/Eloston/ungoogled-chromium

As for news articles: When Mozilla does things, they're open about it, which is why news articles get written about their fuck-ups. And they're held to a much higher standard by journalists, as they are a non-profit.

When Google does something shitty on the other hand, people are quick to dismiss it as them needing to make money somehow. And there's lots of instances where Firefox goes the extra mile, where Chromium conveniently forgets about it and then no one blames them, because it is the extra mile, not the standard among browsers.

A prominent example is Chrome Sync. It's not end-to-end-encrypted and Google does state in their Privacy Policy that they use the browsing history submitted to them with Sync for other purposes. Your browsing history being stored on Google's server in decryptable form also means that NSA, CIA, FBI have access to it. You can make it end-to-end-encrypted, which however requires a second password and is therefore something that only users will do that really care about it. Basically, it's there to calm those that would complain otherwise. Firefox Sync is end-to-end-encrypted by default, only one password needed.

And this is just the biggest and clearest example. We're talking about millions of lines of code with tens of thousands of design decisions. Google will have opted every time for the option that's not yet quite bad enough to gather bad press. Mozilla on the other hand has no reason not to protect users, if possible, even if it does not gather them good press.