Are in-app browsers in Electron even secure in the first place? Does it use Chro... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

kentonv on March 27, 2022 | parent | context | favorite | on: Chrome 0day is being exploited now for CVE-2022-10...

Are in-app browsers in Electron even secure in the first place? Does it use Chrome-style sandboxing with multiple processes, etc.? Do bugs in the Electron engine get patched in a timely fashion?

Genuinely asking here. I've never written an Electron app personally so I don't know how this stuff is done exactly, but the idea of in-app browsers in Electron apps sounds terrifying to me, security-wise.

mwcampbell on March 27, 2022 [–]

Electron has been moving toward security by default in renderer processes, but Chromium sandboxing isn't yet enabled by default in these processes. More here: https://www.electronjs.org/docs/latest/tutorial/sandbox

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact