GeckoView is not a WebView implementation

Daniel Micay 2019-07-18 13:49:53 -04:00
parent 8395ef2eec
commit 7f8ef75e8d

@ -283,18 +283,19 @@
<p>Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable <p>Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable
to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have
a WebView implementation, so it has to be used alongside the Chromium-based WebView a WebView implementation (GeckoView is not a WebView implementation), so it has to be
rather than instead of Chromium, which means having the remote attack surface of two used alongside the Chromium-based WebView rather than instead of Chromium, which means
separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a having the remote attack surface of two separate browser engines instead of only one.
fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS
runs as a single process on mobile and has no sandbox beyond the OS sandbox. This is hardening work for apps. Worst of all, Firefox runs as a single process on mobile and
despite the fact that Chromium semantic sandbox layer on Android is implemented via has no sandbox beyond the OS sandbox. This is despite the fact that Chromium semantic
the OS <code>isolatedProcess</code> feature, which is a very easy to use boolean sandbox layer on Android is implemented via the OS <code>isolatedProcess</code>
property for app service processes to provide strong isolation with only the ability feature, which is a very easy to use boolean property for app service processes to
to communicate with the app running them via the standard service API. Even in the provide strong isolation with only the ability to communicate with the app running
desktop version, Firefox's sandbox is still substantially weaker (especially on Linux, them via the standard service API. Even in the desktop version, Firefox's sandbox is
where it can hardly be considered a sandbox at all) and lacks support for isolating still substantially weaker (especially on Linux, where it can hardly be considered a
sites from each other rather than only containing content as a whole.</p> sandbox at all) and lacks support for isolating sites from each other rather than only
containing content as a whole.</p>
</div> </div>
<footer> <footer>
<a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a> <a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>
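Review bot: The parenthetical added in the second sentence of the paragraph restates the clause it sits in ("Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation)"), so a reader who assumes GeckoView fills that role is told that it doesn't but not why. Consider either shortening it to "(GeckoView is not one)" or replacing it with a brief statement of what distinguishes GeckoView from a WebView implementation. Since the whole paragraph is rewrapped anyway, the unchanged phrase "Chromium semantic sandbox layer" could also become "Chromium's semantic sandbox layer" in the same change.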