Sure, "all" operating systems. "All" that is OSes that have a web browser built for it that at least supports [TransformStream](https://developer.mozilla.org/en-US/docs/Web/API/TransformSt...)... And the browser and spec written and maintained mostly by people outside of France. Kinda compromises the point of being "sovereign" doesn't it?
Forking Firefox whenever the rug is pulled seems doable (with elbow grease), and in the meantime Europeans can invest on problems that don't have an already mature fully open-source solution.
> Even after losing server access, attackers maintained credentials to internal services until December 2, 2025, which allowed them to continue redirecting Notepad++ update traffic to malicious servers. The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.
Actually JPEG XL is based in part on Google's PIK format. The Zurich team from Google Research (which developed PIK and Brotli) is even actively working on JPEG XL to this day.
The reason why Chrome (also a Google product) removed it at first is more likely to be internal politics. Google is a very large corporation after all, with each faction within it having its own priorities and alignments. In the case of Chrome the team there are probably more aligned with the AVIF/AOM team than with Zurich/PIK when it came to the next-gen image format to be pushed (which would explain why Chrome did not have problems with Brotli, because there wasn't a competing Google faction that is developing a replacement for gzip).
WebExtensions still have them? I thought the move to HTML (for better or worse) would've killed that. Even install.rdf got replaced IIRC so there shouldn't be much traces of XML in the new extensions system...
Simply a consequence of multi-process' inter-process communication (IPC) swamping the task scheduler. Changing the title requires a message to be sent from a content process to the UI through IPC. If you sufficiently flood the IPC protocol with messages, it will bring your browser to a halt in its entirety because you're basically DoSing the browser's internal communications.
Single-process browsers (e.g. Pale Moon) and browsers that have previously been designed primarily with a single-process model in mind and only adopted multi-process later (Firefox, Safari) would've handled this better by at the very least not locking up the browser and eventually the OS with a runaway meltdown in memory allocation.
To test this theory I've forced the Brash code to run with `Brash.run({burstSize: 8000,interval: 1});` in the devtools console. Why the PoC author decided to arbitrarily restrict the running the PoC only to Chrome-based browsers, I don't know. If non-Chrome truly is not vulnerable we should be able to verify that for ourselves.
In a fresh profile of Pale Moon without add-ons (and immediately closing the devtools afterwards) the UI does slow down but it's still usable (and therefore the offending tab can be closed even after a while). If you never reopen devtools in the offending tab the memory never even reaches 1 GB. In the worst-case scenario where the browser would hang (which could happen if you try to open up devtools in the offending tab for example), the memory allocation doesn't get instantly out of control, and the OS will recognize that it's hanging and let you close it.
In Firefox the UI is still working somewhat but memory allocation is faster than Pale Moon (but a bit slower than Chrome). Memory becomes manageable though when you switch focus to another tab; it no longer allocates more memory and the garbage collector was able to free up memory in the offending tab's content process with the JavaScript engine no longer blocking it thanks to the said content process being suspended in the background. However the main UI process will still hold a lot of memory unless you switch back to the offending tab for the garbage collector to recognize it needs to free up memory there. And if you close the offending tab before that you get yourself a memory leak, i.e. the memory allocated by the UI process will never go away, at least until you rerun the Brash code again (where the garbage collector will then recognize there is memory to be freed in the UI process).
I don't know about Safari, I have no Apple device to test it with unfortunately.
reply