The BubblesTheDev Web Browser project takes security seriously. This document explains how to report security issues and how confirmed vulnerabilities are handled.
Security fixes are generally provided for the most recent stable release of the browser.
| Version | Supported |
|---|---|
| 1.0.30 | Yes |
| Older versions | No |
Users should run the latest available version of the browser to receive the newest security fixes and improvements.
If you discover a security vulnerability, please report it privately.
Do not open a public GitHub issue for security reports.
Report vulnerabilities by email:
Email: browser-support@bubbles-browser.fnbubbles420.org
Please include:
- a clear description of the issue
- steps to reproduce the problem
- the affected browser version
- operating system details
- screenshots, logs, or proof of concept if available
The more detail included in the report, the faster the issue can usually be validated and addressed.
When a report is received, the general process is:
- Acknowledge the report
- Investigate and validate the issue
- Prepare a fix if needed
- Release a security update when appropriate
- Share public disclosure details after a fix is available
Response times can vary depending on severity, complexity, and reproducibility, but confirmed issues are handled as responsibly and as quickly as possible.
Security researchers are asked to:
- allow reasonable time for investigation and remediation
- avoid public disclosure before a fix is available
- provide enough technical detail to help reproduce the issue
Responsible disclosure helps protect users while fixes are being prepared.
This policy applies to:
- the browser application
- installer packages
- official project repositories
Third-party components such as Electron, Chromium, and Node.js follow their own security policies and release cycles.
The project depends on upstream open-source software, including:
- Electron
- Chromium
- Node.js
Security fixes in these dependencies may require updating the browser to newer upstream versions. Keeping dependencies current is an important part of maintaining the browser's security posture.
The browser is developed with a reduced-surface approach that emphasizes:
- minimal background services
- no built-in telemetry frameworks
- local-first data storage
- reliance on Chromium sandboxing and process isolation where applicable
This approach helps limit unnecessary network activity and reduces avoidable attack surface.
For security matters, email is the preferred contact method:
Email: browser-support@bubbles-browser.fnbubbles420.org
If needed, you may also reach out through the community Discord:
Developed by BubblesTheDev