The Most Secure, Fastest, and Most Extensible Lightweight Browser
| Feature | Chrome | Firefox | Brave | Tor | eBrowser |
|---|---|---|---|---|---|
| Memory Usage | ~300MB/tab | ~200MB/tab | ~250MB/tab | ~150MB/tab | <5MB/tab |
| Process Sandbox | Yes | Yes | Yes | Yes | Yes (seccomp+ns) |
| Memory Safety | Partial | Partial | Partial | No | Full (canary+guard+UAF) |
| Anti-Fingerprint | No | Basic | Basic | Strong | Tor-level + canvas noise |
| Tracker Blocker | No | Enhanced | Shields | Yes | Built-in (EasyList) |
| DNS Encryption | DoH opt-in | DoH opt-in | DoH | Tor | DoH default + DNSSEC |
| App Firewall | No | No | No | No | Full (CIDR+rate+wildcard) |
| Extension Support | Chrome Web Store | AMO | Chrome | Limited | WebExtensions V3 |
| W^X Enforcement | Yes | Partial | Yes | No | Full |
| HTTPS-Only | Opt-in | Opt-in | Opt-in | Yes | Default |
| Embedded/IoT | No | No | No | No | Native (LVGL) |
| Code Size | ~35M lines | ~20M lines | ~35M lines | ~20M lines | <25K lines |
+------------------------------------------------------------------+
| eBrowser v2.0 |
+------------------------------------------------------------------+
| UI Layer | Tab Manager | Bookmarks | Downloads | DevTools|
| (LVGL-based) | Reader Mode | Theme Engine | Split View |
+--------------------+----------------------------------------------+
| Extension Engine | WebExtensions V3 | Content Scripts | Storage |
| | Alarms | Context Menus | WebRequest API |
+--------------------+----------------------------------------------+
| Privacy Engine | Tracker Blocker | URL Cleaner | Cookie Policy |
| | Referrer Strip | GPC/DNT | Incognito/Tor Mode |
+--------------------+----------------------------------------------+
| Security Fortress | Sandbox (seccomp/ns) | Memory Safety |
| | App Firewall | Anti-Fingerprint | W^X |
+--------------------+----------------------------------------------+
| Performance | Thread Pool | LRU Cache | HTTP/2 Mux |
| | Prefetcher | Brotli/Zstd | Profiling |
+--------------------+----------------------------------------------+
| Network | HTTP/HTTPS | TLS 1.3 | DoH/DNSSEC | CORS |
+--------------------+----------------------------------------------+
| Engine | HTML5 Parser | CSS3 | DOM | Layout | JS |
| | SVG | GPU Renderer |
+--------------------+----------------------------------------------+
| Crypto | SHA-256 | AES-128 | HMAC | PBKDF2 | TLS 1.3 |
+--------------------+----------------------------------------------+
| Platform | Linux | macOS | Windows | EmbeddedOS | Web |
+------------------------------------------------------------------+
- seccomp-BPF syscall filtering - only whitelisted syscalls allowed
- Linux namespaces - PID, network, mount, user, IPC isolation
- Capability dropping - minimal privilege principle
- W^X enforcement - no memory region is both writable and executable
- Guard pages - memory access violations immediately caught
- Canary values (0xDEADC0DE) before/after every allocation
- Quarantine zone - freed memory held to detect use-after-free
- Double-free detection with source location tracking
- Memory zeroing on free - prevents data leakage
- Pool allocator - zero-fragmentation for hot paths
- Allocation tracking with file:line for every malloc
- Domain blocklist with wildcard matching (
*.tracker.com) - CIDR IP filtering (
192.168.0.0/16) - Rate limiting per domain (requests/sec, requests/min)
- HTTPS-only mode - automatic HTTPβHTTPS upgrade
- Non-standard port blocking
- Blocklist file loading (hosts format compatible)
- Canvas noise injection - random bits per pixel channel
- WebGL spoofing - fake vendor/renderer strings
- Font enumeration restriction - Tor Browser font list
- Timing attack mitigation - jittered
performance.now() - Screen normalization - report standard resolution
- User-Agent randomization per session
- WebRTC IP leak prevention
- Battery/Bluetooth/USB API blocking
- 4 protection levels: Off β Standard β Strict β Tor-like
- DNS-over-HTTPS (DoH) enabled by default
- DNSSEC validation
- DNS rebinding protection - blocks private IP responses
- DNS cache with TTL management
- Multiple DoH providers (Cloudflare, Google)
- CSP enforcement with all directives
- XSS sanitizer with 7 threat categories
- CORS validation
- Mixed content blocking
- HSTS support
- Cookie security (SameSite, HttpOnly, Secure flags)
-fstack-protector-strong- stack buffer overflow protection-D_FORTIFY_SOURCE=2- runtime buffer overflow checks-fPIE+-pie- Position Independent Executable (ASLR)-Wl,-z,relro,-z,now- Full RELRO (GOT hardening)-Wl,-z,noexecstack- Non-executable stack
eBrowser supports Chrome/Firefox-compatible extensions via Manifest V3:
| API | Status | Description |
|---|---|---|
storage |
β Full | Local, sync, session storage |
tabs |
β Full | Create, query, update, remove tabs |
webRequest |
β Full | Intercept/modify/block requests |
contextMenus |
β Full | Custom right-click menu items |
alarms |
β Full | Periodic and one-shot timers |
notifications |
β Full | Desktop notifications |
bookmarks |
β Full | Bookmark CRUD operations |
downloads |
β Full | Download management |
cookies |
β Full | Cookie read/write |
history |
β Full | Browsing history access |
scripting |
β Full | Programmatic script injection |
runtime |
β Full | Messaging, lifecycle events |
privacy |
β Full | Privacy settings control |
proxy |
β Full | Proxy configuration |
devtools |
β Full | DevTools panel extensions |
sidePanel |
β Full | Side panel UI |
nativeMessaging |
β Full | Native app communication |
- Manifest V3 parsing with full validation
- Content script injection with URL match patterns (
<all_urls>,*://*.example.com/*) - Background service workers
- Per-extension sandboxing with capability-based permissions
- Extension-to-extension messaging (ports + one-shot)
- WebRequest interception for ad blockers, privacy tools
- Hot-reload for extension development
- Blocklist-based extension security
- Configurable worker threads (auto-detect CPU cores)
- Priority-based task queue
- Parallel HTML parsing, CSS computation, layout, rendering
- Configurable max entries and memory limit
- TTL-based expiration
- O(1) get/put with doubly-linked list
- Multiple concurrent streams over single connection
- Header compression (HPACK)
- Stream prioritization
- Predictive prefetch of linked resources
- Priority-based queue with deduplication
- Brotli, Zstd, Gzip, Deflate support
- Automatic content-encoding detection
Tracker & Ad Blocker (Built-in, rivals uBlock Origin)
- EasyList/EasyPrivacy compatible filter syntax
- Cosmetic filtering (element hiding via CSS selectors)
- Domain anchoring (
||tracker.com^) - Resource type filtering (script, image, XHR, etc.)
- Exception rules (
@@||allowed.com) - Per-domain rules with include/exclude
- CNAME uncloaking support
| Mode | Cookies | Referrer | Tracking Params | Storage |
|---|---|---|---|---|
| Normal | Block 3P | Origin only | Stripped | Persistent |
| Incognito | Delete on close | Origin only | Stripped | Session only |
| Tor Mode | Block all | None | Stripped | Partitioned |
Automatically strips 25+ tracking parameters:
utm_source, utm_medium, utm_campaign, fbclid, gclid, msclkid, twclid, igshid, etc.
- Do Not Track (DNT) header injection
- Global Privacy Control (GPC) header
- First-Party Isolation - storage partitioned by origin
- Tab groups with color coding and naming
- Split view - side-by-side tab comparison
- Tab pinning - persistent tabs
- Tab hibernation - auto-sleep inactive tabs (saves memory)
- Tab search - find tabs by title/URL
- Recently closed - reopen closed tabs
- Tab duplication
- Per-tab muting and zoom control
- Folder hierarchy with drag-and-drop
- Tag-based organization
- Full-text search across titles and URLs
- HTML export/import (Netscape bookmark format)
- Visit tracking and frequency sorting
- Parallel downloads with configurable concurrency
- Pause/Resume support
- SHA-256 verification
- Auto-retry on failure
- Progress tracking with speed calculation
- Console - log, warn, error, info, debug levels
- Network monitor - request/response timing, sizes, caching
- DOM inspector - node highlighting and inspection
- Performance profiler - page load timing breakdown
- Preserve log across navigations
- Article extraction (Readability algorithm)
- 3 themes: Light, Dark, Sepia
- Customizable font size, line height, max width
- Reading time estimation
- Word count display
- Light/Dark/Auto mode (follows system preference)
- Custom accent colors
- High contrast mode for accessibility
- Reduced motion mode
- Force dark mode on all websites
- Custom CSS injection
git clone --recursive https://github.com/embeddedos-org/eBrowser.git
cd eBrowser
chmod +x setup.sh
./setup.sh # builds and opens the browser
./setup.sh https://example.com # opens directly to a URLWindows:
git clone --recursive https://github.com/embeddedos-org/eBrowser.git
cd eBrowser
setup.bateBrowser/
βββ include/ebrowser/ # Public API headers (37 files)
β βββ sandbox.h # Process sandboxing
β βββ memory_safety.h # Hardened allocator
β βββ firewall.h # Application firewall
β βββ anti_fingerprint.h # Anti-fingerprinting
β βββ dns_security.h # DoH/DNSSEC
β βββ extension.h # WebExtensions V3
β βββ privacy.h # Privacy engine
β βββ tracker_blocker.h # Ad/tracker blocker
β βββ perf.h # Performance engine
β βββ tab_manager.h # Advanced tabs
β βββ bookmark.h # Bookmarks
β βββ download.h # Downloads
β βββ devtools.h # Developer tools
β βββ reader_mode.h # Reader mode
β βββ theme.h # Theme engine
β βββ security.h # CSP/XSS/CORS
β βββ crypto.h # Cryptography
β βββ tls.h # TLS 1.2/1.3
β βββ dom.h # DOM tree
β βββ html_parser.h # HTML5 parser
β βββ css_parser.h # CSS3 parser
β βββ layout.h # Layout engine
β βββ render.h # Renderer
β βββ js_engine.h # JavaScript engine
β βββ ... # + 13 more
βββ src/
β βββ security/ # Security fortress
β β βββ sandbox/ # seccomp, namespaces, W^X
β β βββ memory/ # Hardened allocator
β β βββ firewall/ # App-level firewall
β β βββ anti_fingerprint/ # Canvas/WebGL/font protection
β β βββ dns/ # DoH, DNSSEC
β β βββ security.c # CSP, XSS, CORS
β β βββ crypto.c # SHA-256, AES, HMAC
β β βββ tls.c # TLS 1.2/1.3
β βββ extensions/ # WebExtensions V3 engine
β βββ privacy/ # Privacy + tracker blocker
β βββ perf/ # Thread pool, cache, HTTP/2
β βββ ui/ # Tab mgr, bookmarks, devtools
β βββ engine/ # HTML, CSS, DOM, layout, JS
β βββ render/ # LVGL rendering backend
β βββ network/ # HTTP, URL, cookies, cache
β βββ browser/ # Browser UI shell
β βββ ...
βββ tests/ # Comprehensive test suite
βββ docs/ # Documentation & book
βββ enterprise/ # Docker, Helm, deployment
βββ platform/ # Platform abstraction layer
- 50,000x smaller codebase (~25K vs ~35M lines)
- 60x less memory per tab
- Built-in tracker blocker (no extension needed)
- Built-in anti-fingerprinting (no extension needed)
- Built-in application firewall (unique to eBrowser)
- Hardened memory with canary + quarantine + guard pages
- Runs on embedded devices (IoT, ARM, RTOS)
- 800x smaller codebase
- 40x less memory per tab
- Stronger anti-fingerprinting (Tor-level available)
- Built-in firewall with CIDR + rate limiting
- Memory safety beyond what Rust provides at runtime
- Similar privacy features, but lighter
- More extensible - full WebExtensions V3 API
- Application firewall - unique security layer
- Embedded support - runs on microcontrollers
- Equal anti-fingerprinting protection (Tor-like mode)
- More features - extensions, tab groups, bookmarks, devtools
- Faster - no Tor network overhead
- Smaller footprint
master is the line of development; every PR lands here. release is a
rolling pointer to the latest released vX.Y.Z tag, updated automatically
by .github/workflows/sync-release-branch.yml.
Tags are immutable.
See embeddedos-org/.github/STANDARDS.md for the org-wide tag scheme, release model, and the compliance frameworks every product targets.
MIT License - see LICENSE for details.
eBrowser v2.0 - Built for security. Designed for speed. Made for everyone.
The web-app/ directory contains a full-featured Progressive Web App browser built with React 18 + TypeScript + Vite.
- Multi-tab management with drag-and-drop, pinning, muting, and tab groups
- Smart address bar with URL/search autocomplete and history suggestions
- 12 languages with full RTL support (Arabic, Hebrew, etc.)
- Privacy dashboard β tracker/ad blocking, HTTPS-only, DoH, GPC, DNT, anti-fingerprinting
- Password manager with encrypted storage
- Notes β in-browser note-taking linked to pages
- Reading List β save articles for later
- GPS & Location β full geolocation API integration
- DevTools β Console, Elements, Network, Storage, Sources, Debugger panels
- Extensions system β WebExtensions V3 compatible
- Command Palette (Ctrl+K) β quick command launcher
- Find in Page (Ctrl+F)
- Zen Mode β distraction-free fullscreen
- PWA β installable, offline-capable, push notifications
cd web-app
npm install
npm run dev # Development server at http://localhost:5173
npm run build # Production build to dist/
npm run preview # Preview production build| Shortcut | Action |
|---|---|
Ctrl+T |
New Tab |
Ctrl+W |
Close Tab |
Ctrl+Shift+N |
New Incognito Tab |
Ctrl+Tab |
Next Tab |
Ctrl+L / F6 |
Focus Address Bar |
Ctrl+R / F5 |
Reload |
Ctrl+H |
History |
Ctrl+J |
Downloads |
Ctrl+D |
Bookmark Page |
Ctrl+F |
Find in Page |
Ctrl+K |
Command Palette |
F11 |
Fullscreen |
F12 |
DevTools |
| URL | Description |
|---|---|
about:newtab |
New Tab with search, top sites, news |
ebrowser://settings |
Full settings |
ebrowser://history |
Browsing history |
ebrowser://bookmarks |
Bookmark manager |
ebrowser://downloads |
Download manager |
ebrowser://extensions |
Extension manager |
ebrowser://privacy |
Privacy dashboard |
ebrowser://passwords |
Password manager |
ebrowser://notes |
Notes |
ebrowser://reading-list |
Reading list |
ebrowser://gps |
GPS & Location |
The extension/ directory contains a Manifest V3 browser extension compatible with Chrome, Edge, Brave, and Firefox.
- Tracker blocking β 20+ tracker domains via
declarativeNetRequest - Ad blocking β 10+ ad network domains
- Privacy controls β GPC, DNT, HTTPS-only, DoH toggles
- Custom New Tab β Clock, search, quick sites
- Context menus β Save bookmarks, add to reading list, search selection
- Statistics β Trackers/ads blocked counter
- Keyboard shortcuts β
Ctrl+Shift+Eto open,Ctrl+Shift+Pprivacy toggle
Chrome / Edge / Brave:
- Go to
chrome://extensions - Enable Developer mode
- Click Load unpacked β select
extension/folder
Firefox:
- Go to
about:debugging - Click This Firefox β Load Temporary Add-on
- Select
extension/manifest.json
The mobile/ directory contains a React Native + Expo mobile browser for Android and iOS.
- Full WebView browser with multi-tab support
- Smart address bar with URL/search
- Native navigation gestures (swipe back/forward)
- Share integration, geolocation, biometric auth
- Dark mode (system theme)
- Push notifications
- File downloads
cd mobile
npm install
npm start # Expo development server
npm run android # Android emulator
npm run ios # iOS simulator (macOS required)npm install -g eas-cli
eas login
eas build --platform android --profile production
eas build --platform ios --profile production
eas submit --platform android
eas submit --platform iosWeb App, Extension, and Mobile App added in v2.0 β EmbeddedOS Organization