More comprehensive security comparisons for browsers article

[Ganwtrs]

Relevant resources:

• A browser security guide from a major secureblue (and Trivalent) contributor
• Madaidan's Firefox article is old but unfortunately still somewhat accurate (win32k lockdown has been enabled, but it's hard for me to tell if anything else has changed)

Extra comparisons added could be:

• Options to disable JIT, Edge can do it without needing to disable WASM and Safari needs Lockdown Mode
• Code Integrity Guard (CIG) exclusive to Edge
• Update cycle
• Control Flow Integrity (CFI)
• Strength of site isolation (Gecko and WebKit are weaker than Chromium)
• X11 or Wayland by default on Linux
• Memory allocation hardening
• Untrusted font blocking
• seccomp-bpf filtering?

I would also like to request that there be a warning against using Flatpak browsers, as they have way worse site isolation.

[eylenburg]

Hi, good idea.

Perhaps as a starting point, the links you mentioned can be used to have a kind of rough "security rating" (good/medium/bad/...) similar to the "privacy rating" that is currently found towards the top of the browser comparison table.

[eylenburg]

I've added a line on this. Chrome, Edge and Safari offer "good" security, the rest "mixed". I don't think any of the browsers listed are truly bad - that would be reserved for some downstream fork with delayed updates or browsers using their own engines with limited focus or manpower to focus on security (e.g. Pale Moon)