On 7/20/22 15:56, Michael Catanzaro wrote:
On Wed, Jul 20 2022 at 04:29:40 PM +0200, Kevin Kofler via devel devel@lists.fedoraproject.org wrote:
That is not a reasonable solution. Those applications need embedded HTML in the UI, not a separate browser window. And it does not help at all if the browser that is shelled out to itself uses QtWebEngine.
I presume it uses a sandboxed multiprocess architecture anyway, like upstream Chromium. Is it not true?
If so, it's surely one of the most secure packages we have in Fedora. Of course, that's no good excuse to fall behind on security updates. But I have high confidence in Chromium's sandbox.
There have been vulnerabilities, both in Chromium and (I believe) in the kernel, which can be used for sandbox escapes. Those vulnerabilities need to be patched very quickly.