Oddbean new post about | logout
jb55 | 3 months ago (raw) | root | parent | reply | flag 
 yeah its slightly more isolated, but its still floating around in the process space and js env. I would just feel more comfortable with runtime.sendNativeMessage to an app with no network access and shared keychain access with Damus
semisol | 3 months ago (raw) | root | parent | reply | flag 
 makes sense, but you probably have bigger problems if there’s a safari ACE vulnerability