[solved]Gnome Epiphany secure enought for daily use

Message

Heliosstyx · #1 Post by **Heliosstyx** » 2020-02-18 11:18

Is Gnome Epiphany secure enough for daily use under Debian 10 Gnome 3.30? What is your recommendation?

Thank you.

Head_on_a_Stick · #2 Post by **Head_on_a_Stick** » 2020-02-18 11:41

Heliosstyx · #3 Post by **Heliosstyx** » 2020-02-18 12:55

Thank you for your answer. I thought that epiphany is based on Webkit GTK 2 and so it will be security monitored by Debian, is'nt it? Your reference to the Debian 10 release information is very helpfully.

Head_on_a_Stick · #4 Post by **Head_on_a_Stick** » 2020-02-18 14:19

Heliosstyx wrote:I thought that epiphany is based on Webkit GTK 2 and so it will be security monitored by Debian, is'nt it?

Yes, you're right. That's the second time I've made that mistake...

Heliosstyx · #5 Post by **Heliosstyx** » 2020-02-18 15:31

So everbody can use Epiphany under Debian 10 without any risks? Thank you.

shep · #6 Post by **shep** » 2020-02-18 20:10

So everbody can use Epiphany under Debian 10 without any risks? Thank you.

I watched a talk on risk and it broke it down into 3 aspects.
1) Attack surface, ie the part of the software that is exposed.
2) Code quality
3) How motivated the bad guys are to try to find a vulnerability.

From the standpoint of Chromium and Firefox, Chromium has better privilege separation and code quality according to Theo De Raadt.
Both are widely used and a ripe target for attackers.

Webkitgtk browsers previously had poor code quality which is now being addressed. Given its lower popularity, it is a less lucrative target

When assessing a browsers, risk is relative. A browser may have a vulnerability but there are no active exploits in the wild.

There are also mitigations you can do over and above. Disable browser access to cameras, microphones etc. Set the browser to clean all cookies/history when closing. Make sure the browser can only upload/download from one folder and not your entire system. Sandbox the browser, Debian does this automatically with Chromium and webkitgtk/bubblewrap.

Higher Risk is a vulnerability that is actively being exploited.

Heliosstyx · #7 Post by **Heliosstyx** » 2020-02-19 08:51

Thank you @shep for your clear answer. Debian is sandboxing automatically Chromium and WebGtk: does this mean that Epiphany will also be sandboxed automatically by Debian, because it is using WebGtk 2?

shep · #8 Post by **shep** » 2020-02-19 12:14

Front ends for webkitgtk will be sandboxed. That includes Epiphany, Midori, Qutebrowser and Vimb.

trinidad · #9 Post by **trinidad** » 2020-02-21 13:15

https://www.cvedetails.com/vulnerabilit ... phany.html

I would say it is secure enough if your praxis is sensible and you are on Buster.

TC

Debian User Forums

[solved]Gnome Epiphany secure enought for daily use

[solved]Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: Gnome Epiphany secure enought for daily use

Re: [solved]Gnome Epiphany secure enought for daily use