Damus
Open in Damus
Final · 27w
Users of apps integrating WebView like Keychat are more secure on #GrapheneOS than anywhere else. The Vanadium browser security hardening also targets the WebView. This means you get exploit mitigati...
 Final profile picture
Final @Final
WebView patches are handled independently via the App Store app. No need to OS upgrade like some operating systems or OEMs. Many also fall behind in updating the WebView, certain OSes like /e/OS repeatedly held back updating their browser and WebView for years. This led to gaps of tens of known security vulnerabilities there.
1❤️1👍1
Final · 27w
The PDF viewer app in GrapheneOS uses an isolated WebView that streams the pdf data into pdf.js so it can load without file access permissions. This WebView has additional containment by blocking dynamic code with a content security policy.