By sandboxing I mean running various subcomponents of the web browser each in their own process, maximally reducing their privileges and attack surface (through things like seccomp, user namespaces, strict resource limits, clearing and disabling capabilities, minimizing what code is loaded, making the address space immutable, etc.) and maybe even virtualizing some parts (e.g. Firefox started running some components in a WebAssembly sandbox).
There is this document here:
https://raw.githubusercontent.com/LadybirdBrowser/ladybird/d...
so there are some plans for sandboxing so that's good, but if I'm reading the code correctly (please correct me if I'm wrong) then no actual sandboxing is yet implemented on non-SerenityOS systems (e.g. there are some "pledge" calls that I can find, but it looks like it'll only work on SerenityOS?), and, if I'm being honest, this is nowhere near aggressive enough for a web browser, especially one written from scratch. If the goal was "produce the most secure web browser in the world" there's much more you could do with its architecture that even the likes of Chrome won't (because of legacy considerations, and because they care a lot about how fast it runs).
But, of course, practically speaking, as long as it has no market share (so no one will realistically target it) then even minimal sandboxing should be fine, and as long as the project itself doesn't pretend that it's something it is not then all is good.
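As an added illustration of the first of the mechanisms listed above (seccomp), and not code from Ladybird or from the commenter: the snippet below hand-builds a seccomp-bpf syscall allowlist of the kind a renderer or network process would install right after startup, checks the filter's decisions offline with a tiny evaluator (so the policy can be unit-tested before it ever reaches the kernel), and then installs it in a forked child together with `no_new_privs` and a file-descriptor rlimit. It assumes a Linux host on x86-64 or AArch64; the syscall list and the EPERM-instead-of-kill policy are choices made for the demo.

```c
/* Added example, not Ladybird code: a hand-built seccomp-bpf syscall
 * allowlist, an offline evaluator for it, and a child that installs it.
 * Assumes a Linux build host (x86-64 or AArch64). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* older headers lack it */
#endif
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#define MAX_INSNS 64

static struct sock_filter stmt(uint16_t code, uint32_t k)
{
    struct sock_filter f = { code, 0, 0, k };
    return f;
}
static struct sock_filter jump(uint16_t code, uint32_t k, uint8_t jt, uint8_t jf)
{
    struct sock_filter f = { code, jt, jf, k };
    return f;
}

/* Emit: check the arch (kill on mismatch, so 32-bit-compat numbers cannot
 * alias), then compare the syscall number with each allowed entry. Unlisted
 * syscalls fail with EPERM instead of killing the process, so the caller can
 * observe the denial. Returns the instruction count, or 0 if `cap` is small. */
size_t build_allowlist(const int *allowed, size_t n, struct sock_filter *out, size_t cap)
{
    size_t len = 6 + n, i = 0;
    if (n > 255 || cap < len) return 0;
    out[i++] = stmt(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[i++] = jump(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0);
    out[i++] = stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[i++] = stmt(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t j = 0; j < n; j++) {
        /* a match jumps past the remaining compares and the EPERM return */
        out[i++] = jump(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)allowed[j], (uint8_t)(n - j), 0);
    }
    out[i++] = stmt(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);
    out[i++] = stmt(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* Minimal interpreter for the three instruction kinds emitted above, so a
 * policy can be checked in a unit test without installing it. */
uint32_t eval_filter(const struct sock_filter *p, size_t len, uint32_t arch, uint32_t nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *ins = &p[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (ins->k == (uint32_t)offsetof(struct seccomp_data, arch)) acc = arch;
            else if (ins->k == (uint32_t)offsetof(struct seccomp_data, nr)) acc = nr;
            else return SECCOMP_RET_KILL_PROCESS; /* field not modelled here */
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == ins->k) ? ins->jt : ins->jf; /* offsets are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* no_new_privs is required for unprivileged seccomp and also stops setuid
 * escalation; the rlimit forbids opening any new descriptor afterwards. */
int install_sandbox(struct sock_filter *prog, size_t len)
{
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    struct rlimit no_new_fds = { 0, 0 };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    if (setrlimit(RLIMIT_NOFILE, &no_new_fds)) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog)) return -1;
    return 0;
}

int main(void)
{
    int allowed[] = { SYS_write, SYS_exit_group, SYS_getpid, SYS_rt_sigreturn };
    struct sock_filter prog[MAX_INSNS];
    size_t len = build_allowlist(allowed, 4, prog, MAX_INSNS);
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) {
        if (install_sandbox(prog, len)) _exit(2);
        long r = syscall(SYS_openat, AT_FDCWD, "/etc/passwd", O_RDONLY);
        _exit(r == -1 && errno == EPERM ? 0 : 1); /* exit_group is allowed */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    printf("sandboxed child: openat() %s\n",
           WIFEXITED(status) && WEXITSTATUS(status) == 0 ? "denied with EPERM" : "gave an unexpected result");
    return 0;
}
```

Two caveats a practitioner should keep in mind. A syscall-number allowlist like this one does not inspect arguments, so it cannot, for example, permit `write` to a pipe but not to a socket; real browser sandboxes pair seccomp with namespaces, capability drops and a broker process that performs the privileged operations on the sandboxed process's behalf. And the filter must be installed before any untrusted input is parsed, because the whole point is that the process has already been compromised by the time the filter matters.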