de0u I'm not sure it's possible to answer that question as phrased
Makes sense, probably why I perceived my specific question as not getting answered.
So it's clear site isolation is not on par with Chromium's implementation, which is also logical given the resources.
So I believe disabling JIT, WebAssembly, WebGL, WebRTC and JavaScript would reduce a fair amount of attack surface. I believe this is even stated on the features page of GOS under Vanadium. Basically I want to learn what other options there are available to exploit a browser if those potential attack vectors are disabled. There probably are, but I myself am unaware of them, hence my request to people more knowledgeable on this subject to teach me other means by which a browser could potentially be exploited. Not a list, just an example, say for example through browser extensions, through SVG, whatever...
An answer could be present in your hypothetical example:
Let's say, hypothetically, there is some weird vulnerability in rendering certain fonts in some Android library. Maybe in a Gecko browser somebody can leverage that to extract all cookies from all sites visited, or maybe access saved passwords, whatever, while on a Chromium browser that site gets only information about itself.
Say in this example JavaScript, WASM, JIT, WebGL & WebRTC are disabled, how would one leverage that vulnerability?
This would be an answer describing a method I myself am unaware of, and I believe there could be many others as well. I just want to learn which attack vectors are being used in the wild, other than those mentioned already which are disabled.
I realize I'm asking the same thing, but I hope it's phrased better and I hope it's possible to answer.