Comment on Chromium vs Brave
qwert230839265026494@sh.itjust.works 1 year agoMan you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.
Hahaha 🤣. Honestly I would, if my device could handle.
Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.
Madaidan strikes (yet) again. F*ck my paranoia…
The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.
Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?
t0m5k1@lemmy.world 1 year ago
Question: Why do you think need such high security for a browser?
Clam av on access scan: wiki.archlinux.org/title/ClamAV#OnAccessScan
ClamFS: github.com/burghardt/clamfs
qwert230839265026494@sh.itjust.works 1 year ago
Your help is much appreciated!
Good prompt! I actually started questioning my own motivations from this. And I’d say that the best I could come up with was that it’s required in order to attain the “peace of mind” from having properly secured my browser activity; which happens to be the primary activity on my device anyways.
t0m5k1@lemmy.world 1 year ago
Valid response, but why do you need to protect the OS from the browser when the browser (Brave) is already sandboxing and the browser is not an attack vector that can be directly exploited to gain access/root on your OS?
What I mean is that the tabs themselves are sandboxed to protect accounts that are opened in each from being breached, the bowser itself is obfuscating your fingerprint and blocking known bad actor sites etc so this leaves only what you manually download and here the browser will warn you if a given download has the potential to harm.
So unless you are downloading files from very questionable locations I can’t see the need for a containerised browser.
Containers are good and yes have flaws but the main purpose of them is to add another layer between the application and the OS so if application is exploited the attacker has to break another wall/layer to get to the real root.
I know in April 2021 the was a PoC that used JavaScript to reverse the effect of a patch which allowed an attacker to break out of the chromium sandbox, but that was never used and if it was the attacker would first need to breach a site to deploy the code that you would then execute by visiting the site or it would be fed to you via a phishing attempt. Both of these delivery methods would need to be very stealthy and fast. currently there are 4 known CVEs for brave: (sorry for long link)
www.cvedetails.com/vulnerability-list.php?vendor_…
None of these provide an attack vector that will allow access.
qwert230839265026494@sh.itjust.works 1 year ago
I’ve been enjoying your responses a lot! I just wanted to express my gratitude one more time!
Uhmm…, but I think that somewhat of a misunderstanding might happened somewhere.
Just to be clear. I acknowledge Brave’s (or rather Chromium’s for that matter) sandbox capabilities. I’m not necessarily afraid of whatever I’m doing inside to break out of the sandbox. Sure, the ‘risk’ (if at all) can be further circumvented with the use of VMs and whatnot and for some people this approach is justified. But me lamenting on using something like Qubes (eventually) is more about having an OS that actually has sane security defaults. And having browsers run in VMs is just part of that. Currently, I just want a secure and private browser to use on desktop. So far, it seems that Brave is superior over Chromium due to added features like fingerprint-spoofing, the inevitable discontinuation of Manifest v2 etc.
What I am afraid of is how secure (continued) operation within containers would be. So even if Brave (or whichever browser for that matter) is not the culprit, the rest of the container environment might endanger the rest of my system. Of course, I’m a total noob so I might be talkin’ outta my A$$. So please correct me if my understanding is faulty.
Hehe, I guess if I would be forced to do a thing like that I would do so within a VM 😅.
So I’ve mostly been using well-integrated ‘pet-containers’ like the ones known from Distrobox (with a relevant recent feature). Aside from those I’ve been exposed to the earlier article and to this video. These ‘expositions’ have made me go from a Distrobox-enjoyer to a pessimist that doesn’t dare to come close to them until I’ve better educated myself on them 🤣.