Wow, that thread is horrible. It's just flamebait from both sides. From metroholografix:
> I fear that webkit can not be salvaged
> How about all the huge OSX vulnerabilities that have been discovered?
> You are so out of touch with the state of cybersecurity that it's terrifying. Not only that, but you insist on this nonsensical adversarial attitude towards me when I'm spending my personal time trying to inform you.
> WebKit, which is abysmally bad security-wise to begin with
From the other side:
> If I didn't know any better I would say you were a paid blink shill
> Safari, which runs webkit is safer than Chromium. Because at least we know that Apple cares about security.
In all, I disagree with u/metroholografix's claims that Chrome is inherently significantly more secure than Safari. Sure, it might be if you are comparing yourself with running WebKit in-process and with no sandbox. But with the appropriate protections which macOS provides (which is where I fault u/jmercouris, because he cannot compare his project with Safari because his project doesn't actually implement these security features), it is stupid to move a project to Blink in this case.
Can you point at something in my reddit posts that is inaccurate or plain wrong? I agree that my tone could be better but notice the difference between my first post to him and my subsequent replies. It's hard to maintain a civil attitude when I am immediately accused of being a shill. Nevertheless, I think I have provided enough useful information to him. Notice how he responds each time.
You wrote that you disagree with me regarding Chrome being inherently more secure than Safari. Fair enough. Do you have any additional information that makes you think so? I pointed to PWN2OWN when I made my point. I think it easily proves that Chrome is indeed inherently more secure than Safari. That does not mean that he has to move to Chromium, it was one suggestion. He could stick with WebKit and implement a sandbox of his own. Or choose not to do that but let users know, loud and clear, that this is the case so everyone understands the trade-offs involved.
To me, based on my interactions with him on reddit, it seems that jmercouris needs to revisit a lot of his beliefs and rapidly bring himself up-to-speed with the current state of browser security.
The crux of the argument I'm making is that both Chrome and Safari are quite secure. Maybe Chrome is slightly more, maybe it's not, but it's disingenuous to present WebKit as completely broken and Blink as the only engine with good security engineers.
> He could stick with WebKit and implement a sandbox of his own.
I think this would be the best solution. Running WebKit without a sandbox is stupid, but I think your responses did not help jmercouris take your comments seriously because, to be honest, you do kind of look like a Blink shill.
$250,000 - Chrome RCE + SBX (Windows) including a sandbox escape
$80,000 - Safari + SBX including a sandbox escape (it is on the graphical table below the changelog)
$100,000 - Chrome RCE without a sandbox escape
$50,000 - Edge, Safari, Firefox RCE without a sandbox escape
To me, these prices clearly indicate that Safari is a lot easier to exploit than Chrome. They also indicate that the Chrome sandbox is a lot harder to bypass (look at the relative price differences).
For mobile the payouts are similar, which indicates that Apple has paid more attention to iOS security-wise. That is also the consensus amongst most security experts I know.
Exactly. His argument would make sense if there were ONLY supply side differences but there are clearly HUGE demand side differences with Chrome making up a large majority of internet traffic.
My impression was that with the switch from (UI)Webview to WKWebKit the webview is put in a sandbox automatically. At least the rendering is now out-of-process. Do you know anything about that?
Well, WKWebKit is in fact sandboxed on macOS. As for what is going on with WebKit2GTK+, I am less familiar, but the project is well aware of and on top of all security vulnerabilities:
https://webkitgtk.org/security.html