Closed lucasmz-dev closed 2 months ago
In what way is Cromite hardened? From my perspective, there seems to be a lot of added attack surface to the browser, such as the support for JPEG XL, along with the Eyeo attack surface for the adblocking functionality which I believe applies to the WebView as well.
Additionally, Cromite does not support CFI (it used to, but it broke and it never fixed it to be able to re-enable it).
I don't think Cromite is actually hardened, and I'm not sure that its author would claim that, either.
Calyx's Cromite fork supports does not support CFI or MTE.
I need to look into this further sometime, for now I'll close this. They should have a few privacy patches which don't go unappreciated. I suppose hardened can be understood differently. I need to check which ones apply to WebViews etc.
CalyxOS has a hardened webview, with patches taken from Cromite.
Their Chromium implemented doesn't change the name though (but will the icon soon), which is something specified on the page, it is currently just referred to as "CalyxOS' Chromium".