ChromeOS puts Chrome in a nice safe sandbox (in addition to the sandboxing of Chrome tabs that happens on all OSes) that used selinux and other technologies. This requires modifications to Chrome. Replicating that for another browser might be harder than modifying ChromeOS to add something like this.
If you have to use it for work “whether you like it or not” then you’re extremely unlikely to have the permissions to install your own root certificate, which is a lot more sensitive operation than running Firefox.
Well then they’re able to install and run Firefox.
My point is the only situations where you have no control over browser installs are when the machine is locked down in such a way that you also cannot install root certificates.
Not necessarily. And there’s plenty of browser based software/services that do not work with Firefox or have a limited functionality with Firefox that are required for work.
I know back when I did more freelancing with podcast clients this was a constant problem. The OS folks were using could reek havoc if it wasn’t safari, edge, or chrome 90% of the time.
But again, you’d then just use Chrome for work and Firefox for personal browsing.
As it happens I lived through this in the early 00s with IE but back then I used Opera for personal browsing and IE for work.
Even in the very remote possibility that you can somehow make changes to root certificates but cannot install a second browser (and I’m being charitable here because there are literally zero reasons that would ever happen), it would still make more sense to update your local hosts files with a pihole-list block list rather than installing your own root cert and using a 3rd party tool to MITM all your web traffic.
I do get the appeal of this tool. I honestly do. But there are so many safer ways to solve this same problem.