GeckoView is not a WebView implementation

2019-07-18 13:49:53 -04:00 · 2019-07-18 13:49:53 -04:00 · 7f8ef75e8d
commit 7f8ef75e8d
parent 8395ef2eec
1 changed files with 13 additions and 12 deletions
--- a/static/usage.html
+++ b/static/usage.html
@ -283,18 +283,19 @@

            <p>Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable
            to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have
-            a WebView implementation, so it has to be used alongside the Chromium-based WebView
-            rather than instead of Chromium, which means having the remote attack surface of two
-            separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a
-            fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox
-            runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is
-            despite the fact that Chromium semantic sandbox layer on Android is implemented via
-            the OS <code>isolatedProcess</code> feature, which is a very easy to use boolean
-            property for app service processes to provide strong isolation with only the ability
-            to communicate with the app running them via the standard service API. Even in the
-            desktop version, Firefox's sandbox is still substantially weaker (especially on Linux,
-            where it can hardly be considered a sandbox at all) and lacks support for isolating
-            sites from each other rather than only containing content as a whole.</p>
+            a WebView implementation (GeckoView is not a WebView implementation), so it has to be
+            used alongside the Chromium-based WebView rather than instead of Chromium, which means
+            having the remote attack surface of two separate browser engines instead of only one.
+            Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS
+            hardening work for apps. Worst of all, Firefox runs as a single process on mobile and
+            has no sandbox beyond the OS sandbox. This is despite the fact that Chromium semantic
+            sandbox layer on Android is implemented via the OS <code>isolatedProcess</code>
+            feature, which is a very easy to use boolean property for app service processes to
+            provide strong isolation with only the ability to communicate with the app running
+            them via the standard service API. Even in the desktop version, Firefox's sandbox is
+            still substantially weaker (especially on Linux, where it can hardly be considered a
+            sandbox at all) and lacks support for isolating sites from each other rather than only
+            containing content as a whole.</p>
        </div>
        <footer>
            <a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>