WebView patches are handled independently via the App Store app. No need for an OS upgrade like with some operating systems or OEMs. Many also fall behind in updating the WebView; certain OSes like /e/OS repeatedly held back updating their browser and WebView for years. This led to gaps of tens of known security vulnerabilities there.

Discussion

The PDF viewer app in GrapheneOS uses an isolated WebView that streams the PDF data into pdf.js so it can load without file access permissions. This WebView has additional containment by blocking dynamic code with a content security policy.
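
As an added example (not GrapheneOS code and not part of the notes above), this JavaScript audits a Content-Security-Policy string for the script-source allowances that would let dynamic code run. The sample policies and function names are constructed for illustration and do not reproduce the PDF viewer's actual policy.

```javascript
// Added illustration: check a CSP string for dynamic-code allowances in script-src.
// Scope is script-src with its default-src fallback only; worker-src is not examined.
// Both sample policies are constructed, not taken from any real app.
const SAMPLE_STRICT = "default-src 'none'; script-src 'self'; style-src 'self'";
const SAMPLE_WEAK = "script-src 'self' 'unsafe-eval' 'unsafe-inline'";

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored by the CSP parser: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function dynamicCodeFindings(policy) {
  const d = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const sources = d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) {
    return ['no script-src or default-src: script execution is unrestricted'];
  }
  const lower = sources.map((s) => s.toLowerCase());
  // 'unsafe-inline' is ignored by browsers when a nonce, hash or 'strict-dynamic' is present.
  const inlineOverridden = lower.some((s) =>
    /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  const findings = [];
  if (lower.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval': eval() and new Function() are allowed");
  }
  if (lower.includes("'unsafe-inline'") && !inlineOverridden) {
    findings.push("'unsafe-inline': inline <script> and event handlers are allowed");
  }
  for (const scheme of ['data:', 'blob:']) {
    if (lower.includes(scheme)) {
      findings.push(`${scheme} script URLs are allowed (code built at runtime)`);
    }
  }
  return findings;
}

console.log(dynamicCodeFindings(SAMPLE_STRICT)); // no findings
console.log(dynamicCodeFindings(SAMPLE_WEAK));   // two findings
```

An empty result means the policy leaves script-src without any of the dynamic-code allowances checked here; it does not assess the rest of the policy.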