The Chrome team says they’re not going to pursue Web Integrity but…

it is piloting a new Android WebView Media Integrity API that’s “narrowly scoped, and only targets WebViews embedded in apps.”

They say its because the team “heard your feedback.” I’m sure that’s true, and I can wildly speculate that all the current anti-trust attention was a factor too.

  • ChiefSinner@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    But the add-on isn’t sandboxed like in chrome. Like i remember, depending on if you use an external MAC like apparmor or not, where if you’re runnimg in Linux and you’re using Firefox, websites could steal your ssh keys from ~/.ssh/

    Malicious addons or websites could easily do the same thing, and steal your bitwarden credentials. Unless you have the premium version, you can’t put otp on it.