[lxgr]

Say what else you will about browsers, but they do offer a sandboxed execution environment across all major OSes, only limited by browser capabilities.

There's an argument to be made for limiting some of these permissions to "installed" PWAs, but these beat random Electron apps running with full user permissions in terms of security.

[BiteCode_dev]

If random electron apps is not connecting to the entire internet, loading completely random code from any website in the world, not they don't.

Before USB4, USB came with DMA. If your sandbox has ever an exploit, that's close to instant rooting capabilities exposed to the entire web.

USBC an hold a ton of power. One sandbox exploit, and the entire web can fry your machine.

This is too dangerous of a capability to be exposed to a public network with tons of malicious actors and bots.

[lxgr]

> If random electron apps is not connecting to the entire internet, loading completely random code from any website in the world, not they don't.

Why not? Nothing in terms of sandboxing prevents them from doing so, unlike webapps.

> Before USB4, USB came with DMA.

DMA is mainly a threat to the host, not the device, isn't it?

> USBC an hold a ton of power. One sandbox exploit, and the entire web can fry your machine.

How so? There isn't a "fry this device" USB protocol command. Obviously you could drain a printer's ink etc., but that's just another facet of "don't give random websites/PWAs access to sensitive hardware" that the browser UX indeed has to get right.