[solved]Gnome Epiphany secure enought for daily use

Everything about X, Gnome, KDE, ... and everything running on it

[solved]Gnome Epiphany secure enought for daily use

Postby Heliosstyx » 2020-02-18 11:18

Is Gnome Epiphany secure enough for daily use under Debian 10 Gnome 3.30? What is your recommendation?

Thank you. :wink:
Last edited by Heliosstyx on 2020-02-19 12:33, edited 1 time in total.
Heliosstyx
 
Posts: 29
Joined: 2019-10-26 09:52

Re: Gnome Epiphany secure enought for daily use

Postby Head_on_a_Stick » 2020-02-18 11:41

User avatar
Head_on_a_Stick
 
Posts: 11992
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Gnome Epiphany secure enought for daily use

Postby Heliosstyx » 2020-02-18 12:55

Thank you for your answer. I thought that epiphany is based on Webkit GTK 2 and so it will be security monitored by Debian, is'nt it? Your reference to the Debian 10 release information is very helpfully. :mrgreen:
Heliosstyx
 
Posts: 29
Joined: 2019-10-26 09:52

Re: Gnome Epiphany secure enought for daily use

Postby Head_on_a_Stick » 2020-02-18 14:19

Heliosstyx wrote:I thought that epiphany is based on Webkit GTK 2 and so it will be security monitored by Debian, is'nt it?

Yes, you're right. That's the second time I've made that mistake...
User avatar
Head_on_a_Stick
 
Posts: 11992
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Gnome Epiphany secure enought for daily use

Postby Heliosstyx » 2020-02-18 15:31

So everbody can use Epiphany under Debian 10 without any risks? Thank you.
Heliosstyx
 
Posts: 29
Joined: 2019-10-26 09:52

Re: Gnome Epiphany secure enought for daily use

Postby shep » 2020-02-18 20:10

So everbody can use Epiphany under Debian 10 without any risks? Thank you.


I watched a talk on risk and it broke it down into 3 aspects.
1) Attack surface, ie the part of the software that is exposed.
2) Code quality
3) How motivated the bad guys are to try to find a vulnerability.

From the standpoint of Chromium and Firefox, Chromium has better privilege separation and code quality according to Theo De Raadt.
Both are widely used and a ripe target for attackers.

Webkitgtk browsers previously had poor code quality which is now being addressed. Given its lower popularity, it is a less lucrative target


When assessing a browsers, risk is relative. A browser may have a vulnerability but there are no active exploits in the wild.

There are also mitigations you can do over and above. Disable browser access to cameras, microphones etc. Set the browser to clean all cookies/history when closing. Make sure the browser can only upload/download from one folder and not your entire system. Sandbox the browser, Debian does this automatically with Chromium and webkitgtk/bubblewrap.

Higher Risk is a vulnerability that is actively being exploited.
Last edited by shep on 2020-02-19 12:16, edited 1 time in total.
shep
 
Posts: 381
Joined: 2011-03-15 15:22

Re: Gnome Epiphany secure enought for daily use

Postby Heliosstyx » 2020-02-19 08:51

Thank you @shep for your clear answer. Debian is sandboxing automatically Chromium and WebGtk: does this mean that Epiphany will also be sandboxed automatically by Debian, because it is using WebGtk 2?

:mrgreen:
Heliosstyx
 
Posts: 29
Joined: 2019-10-26 09:52

Re: Gnome Epiphany secure enought for daily use

Postby shep » 2020-02-19 12:14

Front ends for webkitgtk will be sandboxed. That includes Epiphany, Midori, Qutebrowser and Vimb.
shep
 
Posts: 381
Joined: 2011-03-15 15:22

Re: [solved]Gnome Epiphany secure enought for daily use

Postby trinidad » 2020-02-21 13:15

https://www.cvedetails.com/vulnerabilit ... phany.html

I would say it is secure enough if your praxis is sensible and you are on Buster.

TC
You can't believe your eyes if your imagination is out of focus.
trinidad
 
Posts: 129
Joined: 2016-08-04 14:58


Return to Desktop & Multimedia

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable