search

eylenburg / eylenburg.github.io

https://eylenburg.github.io/
Creative Commons Attribution Share Alike 4.0 International
119 stars 12 forks source link

CalyxOS: hardened webview #48

Closed lucasmz-dev closed 2 months ago

lucasmz-dev commented 2 months ago

CalyxOS has a hardened webview, with patches taken from Cromite.

Their Chromium implemented doesn't change the name though (but will the icon soon), which is something specified on the page, it is currently just referred to as "CalyxOS' Chromium".

matchboxbananasynergy commented 2 months ago

In what way is Cromite hardened? From my perspective, there seems to be a lot of added attack surface to the browser, such as the support for JPEG XL, along with the Eyeo attack surface for the adblocking functionality which I believe applies to the WebView as well.

Additionally, Cromite does not support CFI (it used to, but it broke and it never fixed it to be able to re-enable it).

I don't think Cromite is actually hardened, and I'm not sure that its author would claim that, either.

SkewedZeppelin commented 2 months ago

Calyx's Cromite fork supports does not support CFI or MTE.

lucasmz-dev commented 2 months ago

I need to look into this further sometime, for now I'll close this. They should have a few privacy patches which don't go unappreciated. I suppose hardened can be understood differently. I need to check which ones apply to WebViews etc.