Our Security Philosophy

Security at Orbit is built on three core principles:

Defense in Depth

We don't rely on a single security measure. Orbit uses multiple layers of protection—sandboxing, process isolation, secure defaults, and regular updates—to ensure that a vulnerability in one layer doesn't compromise your system.

Secure by Default

Orbit ships with security features enabled out of the box. You don't need to be a security expert to browse safely. HTTPS-only mode, third-party cookie blocking, and tracker protection are all active from the first launch.

Transparency

We believe you should understand how your browser protects you. This page explains our security architecture in plain language. Our changelog documents every security fix. And our code is open for review.

Chromium Security Model

Orbit is built on Chromium, the same open-source foundation used by Google Chrome, Microsoft Edge, and Brave. This gives us access to industry-leading security architecture:

Sandboxing

Chromium uses a multi-layer sandbox to isolate web content from your system:

  • Renderer sandbox: Each tab runs in a restricted process that cannot access files, network, or other system resources directly
  • GPU sandbox: Graphics processing is isolated to prevent driver exploits
  • Network sandbox: Network requests go through a dedicated broker process

On Windows, we use the OS-native sandbox (Windows Sandbox API) for maximum compatibility and security.

Site Isolation

Each website runs in its own process, isolated from other sites. This means:

  • A malicious site cannot read data from your banking site
  • Cross-site scripting attacks are contained
  • Spectre-style attacks are mitigated

Multi-Process Model

Orbit separates different functions into distinct processes:

  • Browser process: UI, navigation, storage (privileged)
  • Renderer processes: Web content (sandboxed)
  • GPU process: Graphics rendering (limited privileges)
  • Utility processes: Audio, networking, extensions (restricted)

If one process crashes or is compromised, the others remain protected.

Electron Hardening

Orbit uses Electron to provide native desktop functionality. We've implemented several hardening measures to ensure this doesn't compromise security:

Context Isolation

Context isolation is enabled for all renderer processes. This creates a separate JavaScript context for preload scripts and web content, preventing websites from accessing Electron APIs even if they escape the sandbox.

No Node.js in Web Content

Node.js integration is disabled in renderer processes. Web pages cannot access the filesystem, execute system commands, or use Node modules. This is enforced at the Electron configuration level.

Secure IPC

Communication between the renderer and main process uses a carefully designed IPC bridge:

  • Only explicitly whitelisted channels are allowed
  • All messages are validated before processing
  • No arbitrary code execution is possible through IPC
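The three measures above (context isolation, no Node.js in web content, an allowlisted and validated IPC bridge) can be sketched as follows. This is an added example, not Orbit's own code: the channel names, the `orbit://` origins and the helper names are hypothetical, while `contextIsolation`, `nodeIntegration` and `sandbox` are real Electron `webPreferences` keys.

```javascript
// Added illustration; channel names and orbit:// origins are hypothetical.
const HARDENED_WEB_PREFERENCES = Object.freeze({
  contextIsolation: true, // preload script and page get separate JS contexts
  nodeIntegration: false, // no require()/process inside web content
  sandbox: true,          // renderer runs inside the Chromium sandbox
});

// Lists every setting in `prefs` that deviates from the hardened baseline.
function weakSettings(prefs) {
  return Object.keys(HARDENED_WEB_PREFERENCES)
    .filter((key) => prefs[key] !== HARDENED_WEB_PREFERENCES[key]);
}

// Allowlist: channel name -> validator for that channel's payload.
const CHANNELS = new Map([
  ['tabs:open', (p) => typeof p?.url === 'string' && /^https:\/\//.test(p.url)],
  ['settings:get', (p) => typeof p?.key === 'string' && /^[a-z.]{1,64}$/.test(p.key)],
]);
const TRUSTED_ORIGINS = new Set(['orbit://settings', 'orbit://newtab']);

// Decision the main process makes before acting on a renderer message.
// In Electron this would run inside an ipcMain.handle() callback, with
// senderUrl taken from event.senderFrame.url.
function checkIpcMessage(channel, senderUrl, payload) {
  const validate = CHANNELS.get(channel);
  if (!validate) return { ok: false, reason: 'channel not allowlisted' };
  let origin;
  try {
    const u = new URL(senderUrl);
    origin = `${u.protocol}//${u.host}`;
  } catch {
    return { ok: false, reason: 'unparseable sender' };
  }
  if (!TRUSTED_ORIGINS.has(origin)) return { ok: false, reason: 'untrusted sender' };
  if (!validate(payload)) return { ok: false, reason: 'invalid payload' };
  return { ok: true };
}
```

Checking the channel first means an unknown channel never reaches sender or payload handling, and checking the sender means a web page cannot use a channel intended for internal pages even if it learns the channel name.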

Content Security Policy

Orbit enforces strict CSP headers on all internal pages (settings, new tab, etc.) to prevent injection attacks:

  • Inline scripts are prohibited
  • Only local resources can be loaded
  • Eval and similar functions are blocked
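A policy with the three properties listed above, plus a small checker that reports when a policy loses one of them. This is an added example, not Orbit's code: the policy string is an assumption about what such a header could look like, and `parseCsp` and `auditCsp` are hypothetical helper names.

```javascript
// Assumed policy for an internal page; not Orbit's actual header.
const INTERNAL_PAGE_CSP =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Splits a CSP header into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Returns a list of findings; an empty list means all three properties hold.
function auditCsp(header) {
  const directives = parseCsp(header);
  // script-src falls back to default-src when it is absent.
  const script = directives.get('script-src') ?? directives.get('default-src');
  if (!script) return ['no script-src or default-src: scripts are unrestricted'];
  const findings = [];
  if (script.includes("'unsafe-inline'")) findings.push('inline scripts allowed');
  if (script.includes("'unsafe-eval'")) findings.push('eval allowed');
  for (const [name, sources] of directives) {
    if (!name.endsWith('-src')) continue;
    // Anything that is not a quoted keyword is a host, scheme or wildcard.
    const remote = sources.filter((s) => !s.startsWith("'"));
    if (remote.length) findings.push(`${name} loads non-local sources: ${remote.join(' ')}`);
  }
  return findings;
}
```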

Update Policy

Security Patches Prioritized

When Chromium releases a security update, we aim to ship an Orbit update within 48 hours for critical vulnerabilities, and within one week for high-severity issues. Our changelog clearly marks all security-related updates.

Auto-Updates

Orbit checks for updates automatically (you can disable this in Settings). When an update is available:

  • The update is downloaded in the background
  • Updates are signed with our code signing certificate
  • The signature is verified before installation
  • Orbit restarts to apply the update on next launch

Version Transparency

You can always see what version of Chromium and Electron Orbit is running:

  • Settings > About shows all version numbers
  • The changelog documents every Chromium/Electron update
  • Security advisories are posted for critical issues

Safe Browsing & Phishing Protection

Orbit can optionally use Google's Safe Browsing API to protect you from malicious websites:

What It Does

  • Checks URLs against Google's database of known phishing and malware sites
  • Warns you before visiting dangerous pages
  • Blocks downloads of known malicious files

What Data Is Shared

When Safe Browsing is enabled:

  • A partial hash of the URL is sent to Google (not the full URL)
  • Your IP address is visible to Google (as with any web request)
  • No cookies, account data, or browsing history is transmitted

Note: Safe Browsing is enabled by default but can be disabled in Settings > Privacy. Disabling it does not affect other security features.
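How a "partial hash" keeps the full URL local, as an added example that is not Orbit's code. It follows Google's publicly documented hash-prefix scheme (SHA-256 over host-suffix/path-prefix expressions, truncated to 4 bytes) and assumes the local-list mode, where a prefix is sent only after it matches a locally stored list; the page does not say which mode Orbit uses, and the function names and the sample list are constructed.

```javascript
const crypto = require('node:crypto');

// Host-suffix/path-prefix expressions for one URL. Canonicalization is
// reduced to what the WHATWG URL parser does, which is a simplification.
function urlExpressions(rawUrl) {
  const u = new URL(rawUrl);
  const hosts = [u.hostname];
  const isIp = /^[\d.]+$/.test(u.hostname) || u.hostname.startsWith('[');
  if (!isIp) {
    // Up to four extra hosts: take the last five labels and drop the
    // leading one each time, stopping before the bare top-level domain.
    const tail = u.hostname.split('.').slice(-5);
    for (let i = 0; i < tail.length - 1; i++) {
      const host = tail.slice(i).join('.');
      if (!hosts.includes(host)) hosts.push(host);
    }
  }
  const paths = [];
  const add = (p) => { if (!paths.includes(p)) paths.push(p); };
  if (u.search) add(u.pathname + u.search); // exact path with query
  add(u.pathname);                          // exact path without query
  let prefix = '/';
  add(prefix);
  // Then up to three directory prefixes, each with a trailing slash.
  const dirs = u.pathname.split('/').filter(Boolean).slice(0, -1).slice(0, 3);
  for (const dir of dirs) {
    prefix += dir + '/';
    add(prefix);
  }
  return hosts.flatMap((h) => paths.map((p) => h + p));
}

// First `bytes` bytes of SHA-256(expression), hex encoded.
function hashPrefix(expression, bytes = 4) {
  return crypto.createHash('sha256').update(expression)
    .digest().subarray(0, bytes).toString('hex');
}

// Returns only what would leave the machine: prefixes that hit the local list.
function prefixesToSend(rawUrl, localPrefixes) {
  return urlExpressions(rawUrl)
    .map((expression) => hashPrefix(expression))
    .filter((prefix) => localPrefixes.has(prefix));
}

// Constructed local list holding a single flagged expression.
const LOCAL_LIST = new Set([hashPrefix('b.c/1/')]);
```

A URL with no local match produces an empty result, so nothing is transmitted for it; a match transmits 4 bytes that many unrelated URLs share.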

Download Safety

Mark-of-the-Web

On Windows, Orbit applies the Mark-of-the-Web (MOTW) to all downloaded files. This Windows security feature:

  • Tags files as "from the internet"
  • Triggers Windows Defender SmartScreen warnings for executable files
  • Requires explicit user action to run potentially dangerous files
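On NTFS the mark is stored in an alternate data stream named `Zone.Identifier` attached to the downloaded file. The parser below is an added example, not Orbit's code, showing what that stream contains and how to check it; the function names and the sample stream (including the `downloads.example` URLs) are constructed.

```javascript
// Windows URL security zones, indexed by ZoneId.
const ZONES = ['Local Machine', 'Local Intranet', 'Trusted Sites', 'Internet', 'Restricted Sites'];

// Parses the text of a file's Zone.Identifier alternate data stream.
function parseZoneIdentifier(text) {
  const info = { zoneId: null, zone: null, hostUrl: null, referrerUrl: null };
  let inZoneTransfer = false;
  for (const raw of text.replace(/^\uFEFF/, '').split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('[')) {
      // Only keys inside the [ZoneTransfer] section are meaningful.
      inZoneTransfer = line.toLowerCase() === '[zonetransfer]';
      continue;
    }
    const eq = line.indexOf('=');
    if (!inZoneTransfer || eq < 0) continue;
    const key = line.slice(0, eq).trim().toLowerCase();
    const value = line.slice(eq + 1).trim();
    if (key === 'zoneid' && /^\d+$/.test(value)) {
      info.zoneId = Number(value);
      info.zone = ZONES[info.zoneId] ?? 'Unknown';
    } else if (key === 'hosturl') {
      info.hostUrl = value;
    } else if (key === 'referrerurl') {
      info.referrerUrl = value;
    }
  }
  return info;
}

// True when the mark places the file in the Internet zone or a stricter one.
function isMarkedFromInternet(text) {
  const { zoneId } = parseZoneIdentifier(text);
  return zoneId !== null && zoneId >= 3;
}

// Constructed sample of the stream a browser writes for a downloaded installer.
const SAMPLE_STREAM = [
  '[ZoneTransfer]',
  'ZoneId=3',
  'ReferrerUrl=https://downloads.example/',
  'HostUrl=https://downloads.example/setup.exe',
  '',
].join('\r\n');
```

On Windows the stream text can be read with PowerShell's `Get-Content -Stream Zone.Identifier`; a file with no stream, or with a ZoneId below 3, does not get the "from the internet" treatment.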

No Auto-Execution

Orbit never automatically runs downloaded files. Even safe file types require you to explicitly open them. This prevents drive-by download attacks.

Download Warnings

Orbit warns you before downloading:

  • Executable files (.exe, .msi, .bat)
  • Files from insecure (HTTP) sources
  • Files flagged by Safe Browsing

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue in Orbit, we ask that you follow responsible disclosure practices.

How to Report

Send vulnerability reports to:

Email: security@orbitbrowser.com

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Your assessment of the impact
  • Any suggested fixes (optional)

PGP Key

For sensitive communications, you can encrypt your message with our PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGaXhQMBEACnPwExampleKeyForOrbitBrowser ThisIsAPlaceholderPGPKeyForDemonstration PurposesOnlyDoNotUseForActualEncryption [...] -----END PGP PUBLIC KEY BLOCK-----

Our Commitment

  • We will acknowledge receipt of your report within 48 hours
  • We will provide a timeline for a fix within 7 days
  • We will credit you in the changelog (unless you prefer anonymity)
  • We will not take legal action against researchers following responsible disclosure

Transparency

We believe security claims should be verifiable. Here's how you can verify ours:

Release Notes

Our changelog documents every update, including security fixes. We reference specific CVEs when applicable.

Open Source

Orbit's source code is available for review. You can inspect our security implementation, verify our claims, and even build the browser yourself.

Security Advisories

For critical security issues, we publish detailed advisories explaining:

  • The nature of the vulnerability
  • Which versions are affected
  • How to update to a fixed version
  • Workarounds (if available)

Independent Verification

We welcome independent security audits. If you're a security researcher interested in auditing Orbit, please contact us at security@orbitbrowser.com.

Security Checklist

Want to maximize your security with Orbit? Here's a quick checklist:

  • Keep Orbit updated (enable auto-updates)
  • Use HTTPS-only mode (enabled by default)
  • Enable Safe Browsing for phishing protection
  • Block third-party cookies (enabled by default)
  • Use a password manager (Orbit's built-in or external)
  • Be cautious with extensions—only install from trusted sources
  • Review site permissions regularly (Settings > Privacy > Site Settings)