security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

add hybrid PQC to Vanadium features

Browse Source
This commit is contained in:
Daniel Micay 2024-04-28 09:49:10 -04:00
parent 855cf454e3
commit de8c03b604
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
static/features.html
View File

@ -880,19 +880,23 @@
<li>Type-based Control Flow Integrity (CFI)</li> <li>Type-based Control Flow Integrity (CFI)</li>
<li>Hardware memory tagging (MTE) enabled for the main allocator</li> <li>Hardware memory tagging (MTE) enabled for the main allocator</li>
<li>Strict site isolation and sandboxed iframes</li> <li>Strict site isolation and sandboxed iframes</li>
<li>JavaScript JIT disabled by default with per-site toggle via drop-down permission menu</li> <li>JavaScript JIT disabled by default with per-site toggle via drop-down
permission menu</li>
<li>Native Android autofill implementation to avoid needing sandboxed Google <li>Native Android autofill implementation to avoid needing sandboxed Google
Play for autofill support</li> Play for autofill support</li>
<li>WebGPU disabled for attack surface reduction</li> <li>WebGPU disabled for attack surface reduction</li>
<li>WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode</li> <li>WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode</li>
<li>Compiler hardening: automatic variable initialization, strong stack protector, well-defined signed overflow</li> <li>Compiler hardening: automatic variable initialization, strong stack
protector, well-defined signed overflow</li>
<li>High performance content filtering engine using EasyList + EasyPrivacy <li>High performance content filtering engine using EasyList + EasyPrivacy
with per-site toggle via drop-down permission menu</li> with per-site toggle via drop-down permission menu</li>
<li>More complete state partitioning without origin trial opt-out</li> <li>More complete state partitioning without origin trial opt-out</li>
<li>High entropy client hints are replaced with the frozen user agent values to avoid leaking device/OS info</li> <li>High entropy client hints are replaced with the frozen user agent values
to avoid leaking device/OS info</li>
<li>Battery API always shows the battery as charging and at 100% capacity</li> <li>Battery API always shows the battery as charging and at 100% capacity</li>
<li>Trivial subdomain hiding disabled</li> <li>Trivial subdomain hiding disabled</li>
<li>Consistent browser behavior across users without usage of feature flags and seed-based trials</li> <li>Consistent browser behavior across users without usage of feature flags
and seed-based trials</li>
<li>Nearly all remote services disabled by default or removed. Only connects <li>Nearly all remote services disabled by default or removed. Only connects
to GrapheneOS servers by default. There are only 2 default services: to GrapheneOS servers by default. There are only 2 default services:
component updates such as certificate authority and certificate revocation component updates such as certificate authority and certificate revocation
@ -903,6 +907,9 @@
and share intents in Incognito mode</li> and share intents in Incognito mode</li>
<li>Option to reduce or disable sending cross-origin referrer information <li>Option to reduce or disable sending cross-origin referrer information
sharing where a link was opened</li> sharing where a link was opened</li>
<li>Hybrid post-quantum cryptography enabled by default to match the
behavior of Chromium on desktop since the devices we support are more
than fast enough</li>
</ul> </ul>
<p>Better default settings, including non-user-facing flags:</p> <p>Better default settings, including non-user-facing flags:</p>