Users of apps integrating WebView like Keychat are more secure on #GrapheneOS than anywhere else. The Vanadium browser security hardening also targets the WebView.
This means you get exploit mitigations like MTE and CFI covering the an app's WebView processes. We also release patches quicker than anyone else with exception of Chrome itself. You can go even quicker and use the Beta channel too.
WebView patches are handled independently via the App Store app. No need to OS upgrade like some operating systems or OEMs. Many also fall behind in updating the WebView, certain OSes like /e/OS repeatedly held back updating their browser and WebView for years. This led to gaps of tens of known security vulnerabilities there.
The PDF viewer app in GrapheneOS uses an isolated WebView that streams the pdf data into pdf.js so it can load without file access permissions. This WebView has additional containment by blocking dynamic code with a content security policy.
Neither the deb or appimage working on POP!_OS 22.04 LTS
What desktop web browser do you use/recommend out of interest?
