Is Electron bad?

GlytchMeister

In my recent adventure in setting up my pixel 8, I have seen more than a few instances where people speak poorly about Electron and Electron-based apps. Could anyone give me the rundown on what's up with Electron?

GrapheneOS

That's a desktop problem of many apps bundling Electron's much less secure fork of Chromium without a proper sandbox, with those apps not keeping it updated. Mobile devices have an OS provided WebView with a proper sandbox available that's updated by the OS.

GlytchMeister

Oh OK so because electron-based apps on GOS use the Vanadium webview, I wouldn't be be introducing some massive vulnerability, just the regular old "everything you install is more attack surface, and FOSS does not (necessarily) equate to it being safe/secure/private," right?