How does it stack up in terms of security? To me the idea of hackability is a bit conflicting with all the security features of modern browsers. The web is basically the main attack surface today, so I wouldn't use a niche browser engine.
In terms of the browser itself, it’s not niche browser engine. The engine is Chromium (via Electron) by default, though WebKit is also supported as a compile time option.
So that should bring the same safeguards in terms of sandboxing from drive-by attacks.
Then risk here is code that has execution permissions outside of that sandbox. But here, that’s no different to running any kind of untrusted code (eg shell script, ELF, etc) on your local machine.
Exactly my thought when I read the post. While I love the hackability of Emacs, it’s one thing if it’s just your editor with a security hole and another thing entirely if you’re downloading and interpreting pages (and JavaScript?) from the Internet cesspool with a browser with a security hole.
hnlmorg|6 months ago
In terms of the browser itself, it’s not niche browser engine. The engine is Chromium (via Electron) by default, though WebKit is also supported as a compile time option.
So that should bring the same safeguards in terms of sandboxing from drive-by attacks.
Then risk here is code that has execution permissions outside of that sandbox. But here, that’s no different to running any kind of untrusted code (eg shell script, ELF, etc) on your local machine.
drob518|6 months ago