zlacker

Whats your point? You just ran a bunch of untrusted code when you visitied this website.

>>iknows+(OP)
Untrusted code running in a well-defined and maintained sandbox.

>>iknows+(OP)
Running a native binary in an environment with a large attack space and user level permissions is not NEARLY the same as running javascript in a browser with all of its sandboxing, isolation, and controls. And you know it.

>>EvanAn+o3
Yes and....

>>EvanAn+o3
Still stuff manages to escape constantly

You can find exploits on gh for older chromium versions easily

>>hardwa+rR1
Even so it's disingenuous to compare running native code in an OS w/o a capabilities model to running Javascript in a browser.

>>pauldd+tl1
Visiting a website and running Javascript vs. running a native application aren't equivalent. Browser sandbox exploits are "a thing" but that doesn't make the situations the same.

>>EvanAn+SM2
Yes and WASM can be sandboxed just as easily as JavaScript.

There is nothing "magical" about web browsers in that regard.

>>pauldd+H63
I don’t follow where you’re going.

I didn’t say there was anything “magical” about browsers. They have a sandbox for JavaScript, by default. Windows doesn’t have a sandbox for native apps, by default.

A parent poster seemed to be making a statement of equivalency between running a native application in Windows and running JavaScript in a browser. I don’t think they’re equivalent.

That’s what I’m saying.

>>EvanAn+Ie3
We are literally talking about an environment for running Win32 apps in a sandbox