Pointing out a browser lacks Control Flow Integrity (https://bugzilla.mozilla.org/show_bug.cgi?id=510629), has more incomplete site isolation for their desktop sandbox and lacks a content sandbox on Android (https://bugzilla.mozilla.org/show_bug.cgi?id=1565196) should not result in harassment from their community or project members.

#GrapheneOS #privacy #security #vanadium #chrome #chromium #firefox #gecko #sandbox #SiteIsolation

Our thread about memory tagging explained that unlike Chrome and other Chromium-based browsers, Vanadium is now enabling it:

https://grapheneos.social/@GrapheneOS/111474206681843886

We explained where this provides benefits due to the WebView being used by other apps not using their own browser engine.

Chromium barely uses the system allocator. It marks itself compatible with memory tagging but disables it by default. The latest release of Vanadium enables memory tagging, and we're going to improve it. This creates a much larger security gap between Vanadium and other browsers.

Apps and browsers using the system WebView benefit from it. Browsers which are based on Chromium or Firefox/GeckoView do not benefit. Chromium-based browsers could enable it like Vanadium. It doesn't exist for Firefox yet. We also explained some other important differences.

Chromium supports type-based Control Flow Integrity, unlike Firefox. However, as we mentioned in our previous thread, it doesn't enable it on Android. Vanadium does enable it. Similarly, Chromium has better site isolation than Firefox, while Firefox has better state partitioning.

Firefox has no sandbox site isolation on Android since there's no sandbox. Chromium supports weaker site isolation on Android to save memory, although it has a way to enable stricter isolation, which they use on high-memory devices. We use the full strict desktop-style isolation.

There are browsers with most of the security advantages of Chrome combined with stronger state partitioning and other privacy features than Firefox, such as Brave. We should be able to discuss these and other topics without having toxicity directed towards us, as often happens.

Explaining the advantages and disadvantages of different software based on factual information including why GrapheneOS exists is part of our work.

Explaining what's wrong with Chromium, how we're working on improving it and how it compares to other browsers isn't aggression.

The people involved in this share responsibility for the extreme harassment directed towards us, including swatting attacks directly aiming to kill one of our developers via armed law enforcement in fear for their lives. You're not going to silence us and won't stop our R&D work.