[PoignardAzur]

> There could be a parser bug somewhere in your web browser for example that allows a properly crafted input to hijack the browser process.

Bit of a caveat: Chromium and Firefox are probably some of the most hardened software programs in the world (for other browsers, all bets are off).

Chromium distributes its logic over multiple processes per tab, so that even if you eg find a zero-day in V8, you still can't use it to get arbitrary file access without a sandbox escape. Last I checked, Firefox was getting there. Also, Firefox compiles some parsing and image processing libraries to WebAssembly for another layer of sandboxing (and to protect against ROP exploits), and increasingly uses Rust for sensitive tasks.

That's not to say they're safe, but I don't think they're the biggest source of exploits.

[alasdair_]

> Bit of a caveat: Chromium and Firefox are probably some of the most hardened software programs in the world (for other browsers, all bets are off).

There is a certain irony in the idea that people should rely on a Google product to avoid having their privacy compromised.

[choko]

I guess with Google, at least you know and give consent to the privacy "invasion" when you use their products.

[alasdair_]

> I guess with Google, at least you know and give consent to the privacy "invasion" when you use their products.

Google tracks you and adds things to your profile when you explicitly choose incognito mode to avoid the privacy invasion. This doesn't seem like informed consent to me.