Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add capital option to disable completely dangerous webassembly not just the V8 engine please ! #2

Open
trimechee opened this issue Jan 19, 2025 · 0 comments
Open

Add capital option to disable completely dangerous webassembly not just the V8 engine please ! #2

trimechee opened this issue Jan 19, 2025 · 0 comments

Comments

@trimechee
Copy link

Hello, Webassembly may make web browsers faster but webassembly is the most important security threat to web browsers despite security paths, and I read news articles saying crypto mining miners cryoptp jacksing use websassembly to steal our cpu gpu power and that cryto mining jacking techniques have evolved to use only little cpu gpu resource to not arouse suspicion .....

i disabled the webassembly optimizer engine V8:

chrome://settings/content/v8

but I note with sorrow that webassembly is not completely disabled by going to this site to test if the deactivation of the dangerous webassembly is effective:

https://regex101.com/

if webassembly does not work, the site https://regex101.com/ must display me message webseembly is disabled .....

i tried these flags:

--js-flags=--noexpose_wasm --js-flags=--jitless --disable-features=WebAssembly,AsmJsToWebAssembly
--js-flags='--jitless'

but the problem, I put desktop shortcuts of many streaming websites in a folder to organize and save them, the problem the command line doesn't work all time permanently with all sites, i.e. if the web browser is started from a desktop url shortcut of a website, the command line doesn't work anymore, I noticed it when trying to disable webassembly, if the browser starup from a desktop website's url shortcut, the command line of chromium is no longer effective:

in addition many chromiumm command lines are becoming obsolete and there is no clear documentation on the effective command lines and I would like an effective and permanent solution to guarantee my safety against the dangerous web assembly please,

webassembly is dangerous and can cause crypto currency mining which can ruin us and cause harm to ecology and it is the main threat on the internet, the pirates use sophisticated techniques like using a very small power of your processor without realizing it and without clicking on any link despite your web browser is up to date,
and Webassembly Technology (WASM) is enabled by default in web browsers but

WebAssembly may be used, just like JavaScript, to “steal” processing power instead of data. In 2019, an analysis of 150 different Wasm modules found out that about 32% of them were used for cryptocurrency-mining.

https://training.linuxfoundation.org/blog/webassembly-security-now-and-in-the-future/

Though Wasm has been around for a few years, it rose to prominence more recently when it was used for cryptocurrency mining in browsers. This opened a Pandora's box of potential malicious uses of Wasm.

https://www.virusbulletin.com/virusbulletin/2018/10/dark-side-webassembly/

So I think it's necessary for the average user who to have peaceful mind that the resources of his computer are not stolen please!

we hope please, it this feature is technically possible and it doesn't tire Mr E3kskoy7wqk , that this essential function important for the money saving and ecology will be added please, thank you!

one or the the first browser to add option to disable webassembly was cromite browser, after that chrome has also added feature to disable v8....

Recently,

My Andrew-ma gives us precious advises to disable webassembly ! :

ungoogled-software/ungoogled-chromium#2604 (comment)

"Actually, you can disable Webassembly using a Chrome managed policy.

If you use the ungoogled-chromium Flatpak on Linux (https://flathub.org/apps/io.github.ungoogled_software.ungoogled_chromium), you can create the /var/lib/flatpak/extension/io.github.ungoogled_software.ungoogled_chromium.Policy.system-policies/x86_64/1/policies/managed/ directory that can contain Chromium Policy files

(valid policies are listed here: https://chromeenterprise.google/policies/)
Create the directory by running:

Create the directory
sudo mkdir -p /var/lib/flatpak/extension/io.github.ungoogled_software.ungoogled_chromium.Policy.system-policies/x86_64/1/policies/managed/;

Set the directory permissions
sudo find /var/lib/flatpak/extension -type d -exec chmod 0755 {} ;
Create the Managed Chrome policy JSON file in the directory

Create the policy JSON file
sudo vim /var/lib/flatpak/extension/io.github.ungoogled_software.ungoogled_chromium.Policy.system-policies/x86_64/1/policies/managed/managed_chrome_132_policy.json;
with the file contents as:

{
"DefaultJavaScriptJitSetting": 2
}
This Disables WebAssembly.

REFERENCE: "https://chromeenterprise.google/policies/#DefaultJavaScriptJitSetting"

1 = Allow any site to run JavaScript JIT
2 = Do not allow any site to run JavaScript JIT

After creating the managed_chrome_132_policy.json file, you need to set the right permissions for the file with:
sudo chmod 0444 /var/lib/flatpak/extension/io.github.ungoogled_software.ungoogled_chromium.Policy.system-policies/x86_64/1/policies/managed/managed_chrome_132_policy.json;
Then, restart the Ungoogled Chromium browser

Test that the setting is applied by going to "https://www.photopea.com/" and click on the "Start using Photopea" button

You should get this error message if the Policy Setting is applied:"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@trimechee