you realize modern browsers have millions of lines and over a decade (or two!) of legacy code running that are under constant scrutiny by actors who spend all their time finding exploits in binary executables, right?
you realize your operating system also ships system updates on a regular, often daily basis, right?
“How is a security hole in the thing people use to do their banking a problem for the user?”
If you think it’s just a matter of writing a completely fresh browser every few years to remove legacy code, then I invite you to do so and prove us all wrong. I’ll be looking forward to it, along with all of the new security holes you open by using new, untested code all the time.
In the meantime, feel free to use an ESR version of whatever browser you prefer a slower update cycle while still being supported for any major security findings.
You know there’s another option besides not passing security holes to the users and then patching them later right?
you realize modern browsers have millions of lines and over a decade (or two!) of legacy code running that are under constant scrutiny by actors who spend all their time finding exploits in binary executables, right?
you realize your operating system also ships system updates on a regular, often daily basis, right?
How is any of that the user’s problem
If you think it’s just a matter of writing a completely fresh browser every few years to remove legacy code, then I invite you to do so and prove us all wrong. I’ll be looking forward to it, along with all of the new security holes you open by using new, untested code all the time.
In the meantime, feel free to use an ESR version of whatever browser you prefer a slower update cycle while still being supported for any major security findings.