by comex 1254 days ago
Do you use a modern browser? If so, you use a piece of software that has been exploited many times by attacks in the wild. Those attacks were mostly targeting either a phone OS or Windows or macOS - not because there is anything in desktop Linux that would defend against those attacks, but because it is less popular. Perhaps some attacks did target desktop Linux; it’s hard to tell because few in-the-wild attacks are publicly documented in detail (although Project Zero has a spreadsheet of bugs known to have been exploited in the wild [1]). Regardless, at best you are relying on security by obscurity. And that’s despite the fact that modern browsers already have built-in sandboxing; without it the situation is worse.

[1] https://googleprojectzero.blogspot.com/p/0day.html?m=1

1 comments

The modern web browser is an RCE vulnerability in itself. That developers seem to think this is a good idea is beyond my comprehension.

On a modern system the browser should run ideally in a virtual machine without any access to hardware or filesystem.

On a modern Linux distro a web browser installed from Flatpak/Snap will be sandboxed in a container. But you need to be using Wayland too (or set up a separate X11 sandbox) because X11 circumvents the container. Example code for it here: https://mjg59.dreamwidth.org/42320.html
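An added example, not part of the comment above or of the linked post: a check of whether a Flatpak app's permissions leave the X11 socket reachable from inside the sandbox. The sample metadata and the app name are constructed, and the `fallback-x11` handling (X11 is granted only when the Wayland socket is not in use) is this example's model of Flatpak's behaviour, stated as an assumption.

```python
import configparser

# Constructed samples in Flatpak's keyfile metadata format (not from a real app).
SAMPLE_X11 = """[Application]
name=org.example.Browser

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
"""
SAMPLE_FALLBACK = SAMPLE_X11.replace("sockets=x11;", "sockets=wayland;fallback-x11;")
SAMPLE_WAYLAND_ONLY = SAMPLE_X11.replace("sockets=x11;pulseaudio;", "sockets=wayland;")


def granted_sockets(metadata_text):
    """Return the sockets listed under [Context], skipping '!'-negated entries."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(metadata_text)
    raw = cp.get("Context", "sockets", fallback="")
    items = {s.strip() for s in raw.split(";") if s.strip()}
    return {s for s in items if not s.startswith("!")}


def x11_reachable(metadata_text, wayland_session):
    """True if the sandboxed app would be handed the host X11 socket.

    Assumption: 'fallback-x11' grants X11 only when the app cannot use
    Wayland (no Wayland session, or no 'wayland' socket permission), and
    it takes precedence over a plain 'x11' entry.
    """
    socks = granted_sockets(metadata_text)
    wayland_used = wayland_session and "wayland" in socks
    if "fallback-x11" in socks:
        return not wayland_used
    return "x11" in socks


if __name__ == "__main__":
    for label, text in [("x11", SAMPLE_X11),
                        ("wayland + fallback-x11", SAMPLE_FALLBACK),
                        ("wayland only", SAMPLE_WAYLAND_ONLY)]:
        for wayland in (True, False):
            session = "wayland" if wayland else "x11"
            state = "REACHABLE" if x11_reachable(text, wayland) else "not reachable"
            print(f"{label:24} session={session:8} X11 socket {state}")
```

On a real system the input would be the output of `flatpak info --show-permissions <app-id>`, which uses the same keyfile format.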