madaidans-insecurities / madaidans-insecurities.github.io

https://madaidans-insecurities.github.io/

Firefox Android notes #53

Closed 29edde2e closed 2 years ago

29edde2e commented 2 years ago

In your analysis of Firefox and Chromium security, it is claimed that "Firefox does not have a multi-process architecture" on Android, which I believe is no longer the case. My personal understanding is that Fenix has a parent process, two content processes, a remote data decoder process, and a GPU process as of a few days ago. Additionally, I feel it is important to mention that by default, Chromium on Android does not have full site isolation; forks like Vanadium do, though.

https://bugzilla.mozilla.org/show_bug.cgi?id=1530770

https://bugzilla.mozilla.org/show_bug.cgi?id=1331109

madaidans-insecurities commented 2 years ago

Thanks; fixed by https://github.com/madaidans-insecurities/madaidans-insecurities.github.io/commit/e97e5daeb19cdaf76aea44d0b893e69850df8fc7

> Additionally I feel it is important to mention that by default, Chromium on android does not have full site isolation, forks like Vanadium do though.

This is misleading. Chromium on Android has the exact same form of site isolation as other platforms; it simply doesn't apply to as many websites due to memory constraints on mobile devices. Site isolation on Android applies to every website with a password prompt or COOP header, as well as other heuristics, which covers a substantial number of websites that people will typically visit. Users can also manually configure Chromium to enable it globally, which Vanadium can do by default since its target devices have the necessary RAM. This isn't a problem of Chromium specifically — any browser attempting to implement site-per-process globally will run into the same issues on devices with limited RAM.