And Chrome had one with severity "High" just three days ago, browsers will always have security issues that seem to be patched reasonably fast in the big three. Might as well pick one that's not part of the monoculture by a big advertising company, depending on your threat model of course.
QubesOS is great if you need to do work and personal stuff on the same computer. I do most of my stuff in the browser and have a separate computer for work. I am mostly interested in making initial access as expensive and difficult as possible.
You are still just as vulnerable or more vulnerable to malware stealing browser sessions, passwords, and everything you have on the AppVM the browser is running on than you are on a regular Fedora Workstation. Unless you only use disposable VMs, which you probably don't. If QubesOS had hardened templates, I would use it. When I used it, SELinux was not enforced, and I believe it still has passwordless sudo. Not sure what other mitigations are disabled in the default templates compared to regular, non-QubesOS Fedora Workstation.
> QubesOS is great if you need to do work and personal stuff on the same computer
This is significantly underestimating the benefits of Qubes. Are you using your online banking in the same browser that you use for random web surfing? I do it in separate VMs with hardware isolation. Same compartmentalization with all other things.
> You are still just as vulnerable or more vulnerable to malware stealing browser sessions, passwords, and everything you have on the AppVM the browser is running on than you are on a regular Fedora Workstation
This is not true. I'm not using the same VM for everything but dedicated VMs for bank, email, HN, instant messaging and so on. A malware on a random website would only get the access to an empty VM, nothing more. Passwords can be securely saved in the related single-purpose browsers and in a plain text file (in an offline VM).
> If QubesOS had hardened templates, I would use it.
You misinterpret the Qubes' approach to security. If your VM is compromised, no hardening will save your data (https://xkcd.com/1200/). On Qubes, you should compartmentalize your digital live into security domains, such that you never run anything untrusted in trusted ones and never have anything valuable in untrusted ones. With such approach, hardening is irrelevant. More examples: https://www.qubes-os.org/news/2022/10/28/how-to-organize-you...
> Unless you only use disposable VMs, which you probably don't.
I don't understand why one wouldn't use them for everything not requiring saving the data. Of course I do use them and wrote this comment from one.
> This is significantly underestimating the benefits of Qubes. Are you using your online banking in the same browser that you use for random web surfing? I do it in separate VMs with hardware isolation. Same compartmentalization with all other things.
What about NetVM? All AppVMs us that so what if that get's compromised? Since the templates are not hardened at all, could the attacker jump from NetVM to AppVM?
> I'm not using the same VM for everything but dedicated VMs for bank, email, HN, instant messaging and so on. A malware on a random website would only get the access to an empty VM, nothing more.
So how many Templates and AppVMs do you have? Each of those dedicated VMs would need their own AppVMs at least. You have Domain: Bank, Domain: Email (do all email accounts get their own domain?), Domain: HN, Domain: Github, Domain: Stackoverflow, Domain: Signal and so on.
> If your VM is compromised, no hardening will save your data
So that means layered security is totally meaningless and instead of keeping it default, let's remove mitigations?
> you never run anything untrusted in trusted ones and never have anything valuable in untrusted ones.
In practice, this is close to impossible.
> I don't understand why one wouldn't use them for everything not requiring saving the data
Disposable VMs were the best part of QubesOS, but unfortunately, it's is pretty common that you need to login to something or save something, which means you can't use DisposableVMs for everything.