Would be curious to know if Eloston & wchen342 think running UG in (a well-configured) firejail would provide another layer of protection (between attacker & your filesystem) in the case of chromium 0-days.
:point_up: Edit: Would be curious to know if Eloston & wchen342 think running UG in (a well-configured) firejail or bubblewrap would provide another layer of protection (between attacker & your filesystem) in the case of chromium 0-days.
The topic can be expanded all the way to pages, and it is not a "right vs. wrong" thing. Some very quick points being: 1. bubblewrap is better in terms of security, failjail has better usability; 2. Like flatpak, failjail needs to be set-up correctly otherwise it's a placebo; 3. Linux desktop is inherently insecure, thus Qubes. However security is usually not the first priority in the choice of using Linux; 4. It is kind of unfair to blame flatpak because packages set their own permissions; it can be improved probably with a permission whitelist like Android but that's a design choice.
wchen342: I haven't hardened the permissions too much in an effort to reduce bug reports related to broken functionality. By default I allow access to the read-write access to the home directory and all devices (webcam, GPU, etc)
You could use flatpak-override or a front-end to it like Flatseal to change that and harden it
hello this is probably a silly question but I am not a seasoned chromium user.. how can I disable the home screen shortcuts from visited websites? I could not find any pertinent settings and am not sure how its persisting
I'm able to log in to my account, but when it loads teams it hangs on the load until it times out and gives a generic "We've encountered a problem". When I log in from browsers that work, it flips through about a half dozen URLs that it fetches. On UGC it stops after about the second. I wondered if it had to do with the auto-https when no transport method is specified, but that's just speculation.
it states i have to download widevinecdm files and place them in the programs widevine folder. then i went to chrome compartments to update widevine plugin. the update doesnt finish and the version stays at 0.0.0.0
Getting on par with firefox is quite the effort I think, maybe when extensions v2 get phased out for good there could be a solution across other chromium distributions as well that not only retains core functionality but also improves the apis
the pihole is great but theres a trade off between tons of features and ways to block requests (or even just select elements) and protecting a network as a whole