- Type-based Control Flow Integrity enabled
- Hardware memory tagging (MTE) enabled for the main allocator
- Strict site isolation and sandboxed iframes
- JavaScript JIT disabled by default with per-site override option
- Native Android autofill implementation to avoid needing sandboxed Google Play for autofill support
- WebGPU disabled for attack surface reduction
- WebRTC IP handling policy toggle to control peer-to-peer WebRTC mode
- Compiler hardening: automatic variable initialization, strong stack protector, well-defined signed overflow
- High-performance content filtering engine using EasyList + EasyPrivacy with a per-site override option
- More complete state partitioning without origin trial opt-out
- High-entropy client hints replaced with the frozen user agent values to avoid leaking device/OS info
- Battery API always shows the battery as charging and at 100% capacity
- Trivial subdomain hiding disabled
- Consistent browser behavior across users without usage of feature flags and seed-based trials
- Nearly all remote services disabled by default or removed. Only connects to GrapheneOS servers by default. There are only 2 default services: component updates such as certificate authority and certificate revocation updates and DNS-over-HTTPS connectivity checks when enabled
- Web search and global search intents to replace the need for an OS search app
- Option to always open links from other apps, custom tabs and search intents in Incognito mode

Better default settings, including non-user-facing flags:

- Reduce Accept-Language header by default (only available via chrome://flags)
- Third-party cookies disabled by default
- Payment support disabled by default
- Website background sync disabled by default
- Sensors access disabled by default
- Protected media (DRM) disabled by default
- Hyperlink auditing disabled by default
- Do Not Track enabled by default, mainly to avoid users differentiating themselves from others by enabling it, since it has no real value
- WebRTC IP handling policy set to the most private value by default instead of the least private value (turned into a user-facing option by Vanadium)

Our features page now has a section listing the features added by our Vanadium browser and WebView:

https://grapheneos.org/features#vanadium
It explains the approach to content filtering, anti-fingerprinting and state partitioning including current limitations. Major improvements are coming.
#GrapheneOS