The Most Secure, Fastest, and Most Extensible Lightweight Browser
| Feature | Chrome | Firefox | Brave | Tor | eBrowser |
|---|---|---|---|---|---|
| Memory Usage | ~300MB/tab | ~200MB/tab | ~250MB/tab | ~150MB/tab | <5MB/tab |
| Process Sandbox | Yes | Yes | Yes | Yes | Yes (seccomp+ns) |
| Memory Safety | Partial | Partial | Partial | No | Full (canary+guard+UAF) |
| Anti-Fingerprint | No | Basic | Basic | Strong | Tor-level + canvas noise |
| Tracker Blocker | No | Enhanced | Shields | Yes | Built-in (EasyList) |
| DNS Encryption | DoH opt-in | DoH opt-in | DoH | Tor | DoH default + DNSSEC |
| App Firewall | No | No | No | No | Full (CIDR+rate+wildcard) |
| Extension Support | Chrome Web Store | AMO | Chrome | Limited | WebExtensions V3 |
| W^X Enforcement | Yes | Partial | Yes | No | Full |
| HTTPS-Only | Opt-in | Opt-in | Opt-in | Yes | Default |
| Embedded/IoT | No | No | No | No | Native (LVGL) |
| Code Size | ~35M lines | ~20M lines | ~35M lines | ~20M lines | <25K lines |
+------------------------------------------------------------------+
| eBrowser v2.0 |
+------------------------------------------------------------------+
| UI Layer | Tab Manager | Bookmarks | Downloads | DevTools|
| (LVGL-based) | Reader Mode | Theme Engine | Split View |
+--------------------+----------------------------------------------+
| Extension Engine | WebExtensions V3 | Content Scripts | Storage |
| | Alarms | Context Menus | WebRequest API |
+--------------------+----------------------------------------------+
| Privacy Engine | Tracker Blocker | URL Cleaner | Cookie Policy |
| | Referrer Strip | GPC/DNT | Incognito/Tor Mode |
+--------------------+----------------------------------------------+
| Security Fortress | Sandbox (seccomp/ns) | Memory Safety |
| | App Firewall | Anti-Fingerprint | W^X |
+--------------------+----------------------------------------------+
| Performance | Thread Pool | LRU Cache | HTTP/2 Mux |
| | Prefetcher | Brotli/Zstd | Profiling |
+--------------------+----------------------------------------------+
| Network | HTTP/HTTPS | TLS 1.3 | DoH/DNSSEC | CORS |
+--------------------+----------------------------------------------+
| Engine | HTML5 Parser | CSS3 | DOM | Layout | JS |
| | SVG | GPU Renderer |
+--------------------+----------------------------------------------+
| Crypto | SHA-256 | AES-128 | HMAC | PBKDF2 | TLS 1.3 |
+--------------------+----------------------------------------------+
| Platform | Linux | macOS | Windows | EmbeddedOS | Web |
+------------------------------------------------------------------+
- seccomp-BPF syscall filtering - only whitelisted syscalls allowed
- Linux namespaces - PID, network, mount, user, IPC isolation
- Capability dropping - minimal privilege principle
- W^X enforcement - no memory region is both writable and executable
- Guard pages - memory access violations immediately caught
- Canary values (0xDEADC0DE) before/after every allocation
- Quarantine zone - freed memory held to detect use-after-free
- Double-free detection with source location tracking
- Memory zeroing on free - prevents data leakage
- Pool allocator - zero-fragmentation for hot paths
- Allocation tracking with file:line for every malloc
- Domain blocklist with wildcard matching (
*.tracker.com) - CIDR IP filtering (
192.168.0.0/16) - Rate limiting per domain (requests/sec, requests/min)
- HTTPS-only mode - automatic HTTP→HTTPS upgrade
- Non-standard port blocking
- Blocklist file loading (hosts format compatible)
- Canvas noise injection - random bits per pixel channel
- WebGL spoofing - fake vendor/renderer strings
- Font enumeration restriction - Tor Browser font list
- Timing attack mitigation - jittered
performance.now() - Screen normalization - report standard resolution
- User-Agent randomization per session
- WebRTC IP leak prevention
- Battery/Bluetooth/USB API blocking
- 4 protection levels: Off → Standard → Strict → Tor-like
- DNS-over-HTTPS (DoH) enabled by default
- DNSSEC validation
- DNS rebinding protection - blocks private IP responses
- DNS cache with TTL management
- Multiple DoH providers (Cloudflare, Google)
- CSP enforcement with all directives
- XSS sanitizer with 7 threat categories
- CORS validation
- Mixed content blocking
- HSTS support
- Cookie security (SameSite, HttpOnly, Secure flags)
-fstack-protector-strong- stack buffer overflow protection-D_FORTIFY_SOURCE=2- runtime buffer overflow checks-fPIE+-pie- Position Independent Executable (ASLR)-Wl,-z,relro,-z,now- Full RELRO (GOT hardening)-Wl,-z,noexecstack- Non-executable stack
eBrowser supports Chrome/Firefox-compatible extensions via Manifest V3:
| API | Status | Description |
|---|---|---|
storage |
✅ Full | Local, sync, session storage |
tabs |
✅ Full | Create, query, update, remove tabs |
webRequest |
✅ Full | Intercept/modify/block requests |
contextMenus |
✅ Full | Custom right-click menu items |
alarms |
✅ Full | Periodic and one-shot timers |
notifications |
✅ Full | Desktop notifications |
bookmarks |
✅ Full | Bookmark CRUD operations |
downloads |
✅ Full | Download management |
cookies |
✅ Full | Cookie read/write |
history |
✅ Full | Browsing history access |
scripting |
✅ Full | Programmatic script injection |
runtime |
✅ Full | Messaging, lifecycle events |
privacy |
✅ Full | Privacy settings control |
proxy |
✅ Full | Proxy configuration |
devtools |
✅ Full | DevTools panel extensions |
sidePanel |
✅ Full | Side panel UI |
nativeMessaging |
✅ Full | Native app communication |
- Manifest V3 parsing with full validation
- Content script injection with URL match patterns (
<all_urls>,*://*.example.com/*) - Background service workers
- Per-extension sandboxing with capability-based permissions
- Extension-to-extension messaging (ports + one-shot)
- WebRequest interception for ad blockers, privacy tools
- Hot-reload for extension development
- Blocklist-based extension security
- Configurable worker threads (auto-detect CPU cores)
- Priority-based task queue
- Parallel HTML parsing, CSS computation, layout, rendering
- Configurable max entries and memory limit
- TTL-based expiration
- O(1) get/put with doubly-linked list
- Multiple concurrent streams over single connection
- Header compression (HPACK)
- Stream prioritization
- Predictive prefetch of linked resources
- Priority-based queue with deduplication
- Brotli, Zstd, Gzip, Deflate support
- Automatic content-encoding detection
- EasyList/EasyPrivacy compatible filter syntax
- Cosmetic filtering (element hiding via CSS selectors)
- Domain anchoring (
||tracker.com^) - Resource type filtering (script, image, XHR, etc.)
- Exception rules (
@@||allowed.com) - Per-domain rules with include/exclude
- CNAME uncloaking support
| Mode | Cookies | Referrer | Tracking Params | Storage |
|---|---|---|---|---|
| Normal | Block 3P | Origin only | Stripped | Persistent |
| Incognito | Delete on close | Origin only | Stripped | Session only |
| Tor Mode | Block all | None | Stripped | Partitioned |
Automatically strips 25+ tracking parameters:
utm_source, utm_medium, utm_campaign, fbclid, gclid, msclkid, twclid, igshid, etc.
- Do Not Track (DNT) header injection
- Global Privacy Control (GPC) header
- First-Party Isolation - storage partitioned by origin
- Tab groups with color coding and naming
- Split view - side-by-side tab comparison
- Tab pinning - persistent tabs
- Tab hibernation - auto-sleep inactive tabs (saves memory)
- Tab search - find tabs by title/URL
- Recently closed - reopen closed tabs
- Tab duplication
- Per-tab muting and zoom control
- Folder hierarchy with drag-and-drop
- Tag-based organization
- Full-text search across titles and URLs
- HTML export/import (Netscape bookmark format)
- Visit tracking and frequency sorting
- Parallel downloads with configurable concurrency
- Pause/Resume support
- SHA-256 verification
- Auto-retry on failure
- Progress tracking with speed calculation
- Console - log, warn, error, info, debug levels
- Network monitor - request/response timing, sizes, caching
- DOM inspector - node highlighting and inspection
- Performance profiler - page load timing breakdown
- Preserve log across navigations
- Article extraction (Readability algorithm)
- 3 themes: Light, Dark, Sepia
- Customizable font size, line height, max width
- Reading time estimation
- Word count display
- Light/Dark/Auto mode (follows system preference)
- Custom accent colors
- High contrast mode for accessibility
- Reduced motion mode
- Force dark mode on all websites
- Custom CSS injection
git clone --recursive https://github.com/embeddedos-org/eBrowser.git
cd eBrowser
chmod +x setup.sh
./setup.sh # builds and opens the browser
./setup.sh https://example.com # opens directly to a URLWindows:
git clone --recursive https://github.com/embeddedos-org/eBrowser.git
cd eBrowser
setup.bateBrowser/
├── include/ebrowser/ # Public API headers (37 files)
│ ├── sandbox.h # Process sandboxing
│ ├── memory_safety.h # Hardened allocator
│ ├── firewall.h # Application firewall
│ ├── anti_fingerprint.h # Anti-fingerprinting
│ ├── dns_security.h # DoH/DNSSEC
│ ├── extension.h # WebExtensions V3
│ ├── privacy.h # Privacy engine
│ ├── tracker_blocker.h # Ad/tracker blocker
│ ├── perf.h # Performance engine
│ ├── tab_manager.h # Advanced tabs
│ ├── bookmark.h # Bookmarks
│ ├── download.h # Downloads
│ ├── devtools.h # Developer tools
│ ├── reader_mode.h # Reader mode
│ ├── theme.h # Theme engine
│ ├── security.h # CSP/XSS/CORS
│ ├── crypto.h # Cryptography
│ ├── tls.h # TLS 1.2/1.3
│ ├── dom.h # DOM tree
│ ├── html_parser.h # HTML5 parser
│ ├── css_parser.h # CSS3 parser
│ ├── layout.h # Layout engine
│ ├── render.h # Renderer
│ ├── js_engine.h # JavaScript engine
│ └── ... # + 13 more
├── src/
│ ├── security/ # Security fortress
│ │ ├── sandbox/ # seccomp, namespaces, W^X
│ │ ├── memory/ # Hardened allocator
│ │ ├── firewall/ # App-level firewall
│ │ ├── anti_fingerprint/ # Canvas/WebGL/font protection
│ │ ├── dns/ # DoH, DNSSEC
│ │ ├── security.c # CSP, XSS, CORS
│ │ ├── crypto.c # SHA-256, AES, HMAC
│ │ └── tls.c # TLS 1.2/1.3
│ ├── extensions/ # WebExtensions V3 engine
│ ├── privacy/ # Privacy + tracker blocker
│ ├── perf/ # Thread pool, cache, HTTP/2
│ ├── ui/ # Tab mgr, bookmarks, devtools
│ ├── engine/ # HTML, CSS, DOM, layout, JS
│ ├── render/ # LVGL rendering backend
│ ├── network/ # HTTP, URL, cookies, cache
│ ├── browser/ # Browser UI shell
│ └── ...
├── tests/ # Comprehensive test suite
├── docs/ # Documentation & book
├── enterprise/ # Docker, Helm, deployment
└── platform/ # Platform abstraction layer
- 50,000x smaller codebase (~25K vs ~35M lines)
- 60x less memory per tab
- Built-in tracker blocker (no extension needed)
- Built-in anti-fingerprinting (no extension needed)
- Built-in application firewall (unique to eBrowser)
- Hardened memory with canary + quarantine + guard pages
- Runs on embedded devices (IoT, ARM, RTOS)
- 800x smaller codebase
- 40x less memory per tab
- Stronger anti-fingerprinting (Tor-level available)
- Built-in firewall with CIDR + rate limiting
- Memory safety beyond what Rust provides at runtime
- Similar privacy features, but lighter
- More extensible - full WebExtensions V3 API
- Application firewall - unique security layer
- Embedded support - runs on microcontrollers
- Equal anti-fingerprinting protection (Tor-like mode)
- More features - extensions, tab groups, bookmarks, devtools
- Faster - no Tor network overhead
- Smaller footprint
MIT License - see LICENSE for details.
eBrowser v2.0 - Built for security. Designed for speed. Made for everyone.