We should look into how other browsers implement seccomp and other syscall-sandboxing measures for their different process classes.
We should be able to abstract this in a way that's similar to how SerenityOS/OpenBSD's pledge works, to not go crazy with massive syscall list files.
Ideally we would be able to sandbox the WebContent/WebWorker, RequestServer, ImageDecoder, and any future GPU process in a way that they have privileges limited. Locking down at least the ability to create new IPC sockets and requiring those to come from the UI process would be a good first step.
We should also look into similar features for other operating systems.
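As an added example (not Ladybird's code), here is what the pledge-style abstraction described above could look like on top of Linux seccomp-bpf: named syscall groups compile into one filter, and a process that promises only "stdio" gets EPERM back from socket()/socketpair(), so it can only use the IPC sockets the UI process handed it. The group names and their contents, the x86-64/aarch64 architecture check, and the choice of EPERM over SIGKILL are my assumptions, not a decision the issue makes.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#endif /* assumption: other architectures add their AUDIT_ARCH_* value here */
#define MAX_INSNS 64
#define INSN(stmt) (struct sock_filter)stmt

/* A "promise" is a named syscall group, in the spirit of pledge(2); groups are illustrative. */
struct promise { const char *name; const int *nrs; size_t count; };
static const int stdio_nrs[] = { SYS_read, SYS_write, SYS_close, SYS_brk, SYS_mmap, SYS_munmap, SYS_exit_group };
static const int unix_nrs[] = { SYS_socket, SYS_socketpair, SYS_connect, SYS_sendmsg, SYS_recvmsg };
static const struct promise promises[] = { { "stdio", stdio_nrs, 7 }, { "unix", unix_nrs, 5 } };

/* Compile the promised groups into a seccomp-bpf program; returns its length or -1. */
int build_filter(const char *const *names, size_t nnames, struct sock_filter *out)
{
    int n = 0;
    out[n++] = INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    out[n++] = INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0));
    out[n++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)); /* foreign arch: nr means something else */
    out[n++] = INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t k = 0; k < nnames; k++) {
        const struct promise *p = NULL;
        for (size_t i = 0; i < sizeof promises / sizeof *promises; i++)
            if (strcmp(promises[i].name, names[k]) == 0) p = &promises[i];
        if (!p) return -1; /* unknown promise: refuse rather than silently allow */
        for (size_t i = 0; i < p->count; i++) { /* nr == X ? allow : test the next one */
            if (n + 3 > MAX_INSNS) return -1;
            out[n++] = INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)p->nrs[i], 0, 1));
            out[n++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
        }
    }
    /* Everything not promised fails with EPERM, so violations can be logged while the policy is tuned. */
    out[n++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)));
    return n;
}

/* Install the policy; NO_NEW_PRIVS is required for unprivileged callers and cannot be undone. */
int pledge_like(const char *const *names, size_t nnames)
{
    struct sock_filter insns[MAX_INSNS];
    int n = build_filter(names, nnames, insns);
    if (n < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = insns };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

A WebContent-like child would call pledge_like with only "stdio" after setup, while a process that legitimately opens sockets adds "unix"; the filter is inherited across fork and survives execve, so it should be applied as late as possible in process startup.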