One question, you mention memory unsafe code. Is Chromium not written in C++? Isn't that still considered an "unsafe" language?
1: There's a very clever project that'll protect against use after free that's being worked on right now: https://docs.google.com/document/d/1m0c63vXXLyGtIGBi9v6YFANu...
With that and memory tagging, the vast majority of vulnerabilities go from remote code execution to just denial of service.
No, it has not been that way. For a long time Google Chrome was the only browser that had sandboxing by using separate processes for each tab (essentially).
For a long time, Firefox did not isolate different websites in different processes. Today, Firefox has something similar to process sandboxing afaik but it took them some time to do it because their browser has a very old codebase and it took time for them to disentangle everything to provide this feature.
Over the years, Chrome's sandbox has not stood still. It has become more and more sophisticated with various other features added (e.g. sandboxing in Linux using seccomp BPF -- e.g. https://chromium.googlesource.com/chromium/src/+/0e94f26e8/d... ). BTW web searching reveals that Firefox is using seccomp too now. However, I don't know the details.
So it would be interesting for someone to have a comparison between the two today.
However, with RLBox, Firefox has added a very powerful sandboxing technology that goes beyond process isolation.
It's quite impressive and I do think that Firefox can now have grounds to argue that it's more secure than Chrome.
I prefer it to Chrome.
Edit: Reason I point it out is that it took me far too long to realize it was available.
Is this just a tweaked and tuned Firefox release aimed at developers? I like how they also go out of the way to enable dark theming :-)
Previously Fx lacked so many features that existed in Chrome that you couldn't really compare them.