EnmaBytes

Linux distros we can confirm ship Brave as the default browser: Zorin OS 17.3+, Nobara Linux 42+, RefreshOS. That list should be longer. The browser is the user's main security boundary for the modern web. Untrusted JavaScript, media parsing, GPU code paths, WebRTC, extensions, login sessions, fingerprinting, phishing, cross-site tracking. All of it converges there. So the default browser matters. A browser has to assume hostile web content will eventually hit a bug. The real question is what a compromised renderer can still reach. That is where Chromium's architecture earns its keep. - Site isolation puts different sites into different sandboxed renderer processes. - The sandbox limits what a compromised renderer can touch locally. - Linux seccomp-bpf cuts kernel syscall attack surface. - Dedicated service processes keep risky functionality out of one shared security context. - Hardened allocation, control-flow protections, and use-after-free mitigations make exploitation harder. The goal is not "no browser bugs." The goal is making one bug less useful. Brave inherits that foundation and strips the Chrome parts that make no sense as a privacy default. No Google account dependency, no Chrome Sync dependency, no surveillance-ad business model, no need to install an ad blocker to get basic tracker protection. On top of that: - Shields on by default, - third-party ad and tracker blocking, - cross-site cookie protections, - CNAME uncloaking, - fingerprinting protections, - ephemeral third-party storage, - bounce tracking protections, - URL tracking protections, - De-AMP, - a native Rust adblock engine. The distro-default question is not "can Firefox be hardened?" It is "what does a normal user get on day one?" Most users will never install 5 extensions, audit settings, or paste in an about:config hardening guide. A distro default should protect those users immediately. One note for maintainers: packaging matters. A browser's internal sandbox is part of its security model, and some packaging formats change it. Native packages from official repositories should be preferred over random repackages. Linux distributions should stop treating the browser as a legacy preference. It is the user's main security boundary for the modern web.