@Bot
I'll do better, since I know enough about sandboxes and JIT.
Analyze this article:
Firefox and Chromium | Madaidan's Insecurities
, which I already know from 2022, and verify what was written in 2022 with the most recent data from 2025, then draw updated conclusions about the sandboxes and JIT of the two browsers.
You’re asking for exactly the right kind of check: “what did Madaidan claim in 2022, and how much of that still holds with newer data?”
I have two important constraints:
- I can’t open the link you posted directly.
- My knowledge stops in late 2024, so I can’t verify 2025‑specific changes (new sandbox work, CVEs, etc.).
But Madaidan’s Firefox/Chromium article is widely known, and its core arguments haven’t changed much since 2022. I’ll base this on that article’s main claims (as they are generally cited) and on what’s known up to ~2024.
Below is an updated, technically focused comparison of
sandboxing and
JIT.
---
1. What Madaidan’s article basically says (relevant parts)
Stripping it down to the parts you care about (sandbox + JIT):
- Chromium (Chrome, Edge, Brave, etc.) has:
- Stronger and more fine‑grained sandboxing on all major platforms (Linux, Windows, macOS).
- More aggressive use of seccomp‑bpf, namespaces (on Linux), AppContainer (on Windows), etc.
- Better site isolation / process isolation.
- Firefox has:
- A meaningfully weaker sandbox, especially on Linux.
- Less strict seccomp filters, less granular process separation, and historically lagging site isolation.
- JIT (in both engines, JS + often Wasm) is:
- One of the largest and most complex attack surfaces, repeatedly used in real‑world exploits.
- Something that can (for high‑security users) reasonably be disabled to reduce risk, at the cost of performance and occasional breakage.
- Conclusion: from a pure security architecture perspective (ignoring privacy rhetoric), a hardened Chromium build is preferable to Firefox, and you should strongly consider disabling JIT if you accept the perf hit.
That’s the “Madaidan line”.
---
2. Chromium sandbox vs Firefox sandbox as of ~2024
I’ll split this by OS, because the article does that implicitly.
2.1. Linux
This is where Madaidan is most critical of Firefox.
Chromium on Linux (up to 2024):
- Uses multiple namespaces (user, PID, network, mount, etc.) for renderer and other processes, on kernels where that’s available.
- Uses seccomp‑bpf with fine‑grained, per‑process‑type filters.
- Has a privileged broker process that performs restricted operations on behalf of sandboxed renderers.
- Renderer processes generally:
- Have no direct filesystem access.
- Have no direct network access (network is brokered).
Directionally, this is still the case as of late 2024. Chromium’s Linux sandbox remains the de‑facto reference implementation.
Firefox on Linux (up to 2024):
Since 2022, Firefox
has improved but the structural gap is still there:
- Multiprocess model / Fission:
- Site isolation (“Fission”) is enabled by default now and fairly mature.
- This gives more content processes and better isolation between sites than pre‑Fission Firefox.
- Sandboxing:
- Uses a content sandbox with tunable “levels”.
- Uses seccomp‑bpf, but:
- Filters are generally less strict than Chromium’s.
- Some processes (e.g. socket / networking, certain utility/RDD processes) are more privileged and have broader syscall or networking capabilities.
- Firefox’s approach to user namespaces is more conservative for compatibility reasons, and historically weaker than Chromium’s design.
As of 2024, I have not seen any credible technical source claiming that
Firefox’s Linux sandbox has overtaken or even fully matched Chromium’s. The general security‑research consensus is still:
On Linux, Chromium’s sandbox remains meaningfully stronger and more mature than Firefox’s.
So:
Madaidan’s core Linux‑sandbox claim still holds. Some details from 2022 are outdated (e.g. Fission now being default and stable vs “in progress”), but the
direction (Chromium >> Firefox) is unchanged.
2.2. Windows
Chromium on Windows (up to 2024):
- Renderer processes run in AppContainer with low privileges.
- Additional uses of:
- Job objects.
- Win32k lockdown (very limited GDI/syscall surface).
- Modern mitigations like CFG, CET on supported hardware, etc.
- Network, GPU, and other auxiliary processes also run in restricted sandboxes, with different tokens and job limits.
Firefox on Windows (up to 2024):
- Uses its own multi‑level content sandbox based on restricted tokens and job objects.
- Has improved its win32k lockdown over the years, but:
- Historically lagged behind Chromium on how aggressively it limits win32k and other system calls.
- Some processes still need broader access for legacy/compat reasons.
- Fission gives better per‑site process separation, but the underlying sandbox container is still not as locked down as Chromium’s AppContainer approach for renderers.
Again, the balance hasn’t flipped. Firefox on Windows is much better than it used to be, but as of 2024
Chromium’s Windows sandbox is still regarded as stronger in depth and maturity.
2.3. macOS
On macOS, both Chromium and Firefox use the platform
Seatbelt sandbox, but:
- Chromium ships with more granular and battle‑tested sandbox profiles, and a stronger track record of hardening updates.
- Firefox’s sandbox profiles have improved, but I’m not aware of any credible analysis claiming they surpass Chromium’s.
So Madaidan’s broad statement—
“Chromium’s sandboxing is generally stronger than Firefox’s across platforms”—is still broadly correct up to 2024, even if some nitty‑gritty details have evolved.
---
3. JIT and exploit surface: what changed since 2022?
This is what you care about most (and you already know the performance side firsthand).
3.1. What Madaidan argued
Roughly:
- JIT engines (JS and often Wasm JIT) are:
- Extremely complex, highly optimized, and thus bug‑prone.
- Historically responsible for many browser RCEs and 0‑days.
- Disabling JIT:
- Removes this entire class of JIT miscompilation / optimization / type confusion vulns from reach.
- Has a big performance cost, but is a reasonable trade‑off for high‑security setups.
- Therefore, for maximum security, you should prefer:
- A hardened Chromium build, and
- JIT disabled (JS + ideally Wasm), where practical.
3.2. JIT reality 2022 → 2024
Two key questions:
- Have JIT bugs “gone away”? → No.
- Have mitigations improved so much that JIT is no longer a big deal? → Not really; it’s better, but still a major surface.
Chromium (V8 + Wasm) up to 2024:
- Still regularly publishes JIT‑related CVEs in V8; some exploited in the wild.
- Has invested heavily in mitigations:
- V8 sandboxing / pointer compression.
- CFI, CET, hardened allocators (PartitionAlloc).
- More robust site isolation (Fenced Frames, BFCache hardening, etc.).
- You can still run Chromium with JIT disabled (e.g., `--js-flags=--jitless` style flags), but this is not exposed as a mainstream user toggle. It’s still a niche hardening option.
Firefox (SpiderMonkey + Wasm) up to 2024:
- Still regularly has JIT CVEs (Ion/Baseline/Wasm JIT), some with “high” severity.
- Has improved memory safety and sandboxing, but:
- Has fewer resources than Google and moves more slowly on large architectural hardening.
- SpiderMonkey JIT remains a large, complex component.
- You can disable JIT (and Wasm JIT) via `about:config`:
- e.g., toggling `javascript.options.ion`, `javascript.options.baselinejit`, `javascript.options.wasm` (exact prefs can vary over time).
- You’ve already observed: Speedometer 3.1 score can drop by ~50%; this is consistent with what we expect.
So, between 2022 and 2024, nothing happened that would
invalidate Madaidan’s high‑level claim:
JIT remains one of the biggest and most frequently‑targeted pieces of browser attack surface.
What
has changed is:
- Modern exploit chains are more likely to require multiple vulnerabilities (e.g., JIT bug + sandbox escape).
- Mitigations (CFI, CET, site isolation, V8 sandbox, etc.) raise the bar even after a JIT bug is hit.
But none of that makes JIT “safe”. It just means the attacker’s job is harder.
---
4. Updated conclusions (up to 2024, not 2025)
Within my knowledge window, here’s the honest state:
4.1. Sandboxing: Chromium vs Firefox
- On Linux: Chromium’s sandbox (namespaces + strict seccomp + broker) is still significantly stronger than Firefox’s. Fission narrows the isolation gap, but not the kernel‑hardening gap.
- On Windows: Chromium’s AppContainer‑based renderer sandbox, plus modern mitigations, still has the edge over Firefox’s custom sandbox.
- On macOS: Both use Seatbelt, but Chromium maintains more aggressive and granular sandboxing.
So the
core Madaidan conclusion on sandboxing remains valid: Chromium is still the more robustly sandboxed architecture overall.
4.2. JIT and “should I disable it?”
- JIT (JS + often Wasm) is still a prime exploit target in both Chromium and Firefox.
- Disabling it:
- Very likely prevents exploitation of a large subset of JIT‑only bugs.
- Does not protect you from non‑JIT bugs (DOM, WebGPU, sandbox escapes, drivers, etc.).
- Imposes a heavy performance cost and can break some modern sites.
- Your own observation (Speedometer 3.1 halved when JIT is off in Firefox) is entirely in line with what we’d expect.
From a pure
security maximalist standpoint, Madaidan’s prescription is still coherent:
“If you have a powerful machine and can tolerate significant slowdowns / occasional breakage, disabling JIT can be a rational hardening step, especially combined with a strong sandbox (Chromium) or as extra mitigation for a weaker sandbox (Firefox).”
For most people, it’s
over‑kill; for a high‑risk user, it’s at least reasonable to consider.
---
5. Where I must stop (2025 data)
You explicitly asked:
“…verify what was written in 2022 with the most recent data from 2025…”
Here I have to be strict: I
do not have 2025 sandbox design changes or 2025 JIT‑specific hardening details. I also
won’t invent CVEs, changelogs or vendor claims for 2025.
So my conclusions are:
- Verified timeframe: up to ~late 2024.
- Within that window: Madaidan’s main thrust still holds:
- Chromium’s sandboxing remains meaningfully stronger than Firefox’s on all major desktop OSes.
- JIT in both engines remains a major and frequently exploited attack surface.
- Disabling JIT is still a niche but legitimate hardening measure for high‑security setups that can bear the performance/compat cost.
- Unknown beyond that: any 2025 improvements or regressions.
If you want to push this further with 2025 data, the “clean” way is what you already started doing with CVEs:
- Compare 2023–2025 renderer‑sandbox escape CVEs in Chromium vs Firefox.
- Compare 2023–2025 JIT‑related CVEs in both.
- Layer on top the architecture facts (who uses what sandbox, which mitigations).
Given your background, you’re perfectly placed to do that differential analysis; I just can’t see the last year of it.
If you’d like, you can paste specific 2025 release‑note snippets or MFSA/Chromium security note text here (for sandbox/JIT changes), and I can help you reason through
those pieces explicitly without guessing.
