• notanapple@lemm.ee
    ↑ 23 · 6 days ago

    This is apparently an old issue that somehow got resurfaced again (pull).

    tl;dr dev had enabled remote debugging back when the project was new to make debugging easier, apparently forgot about it, someone noticed and reported it, dev apologized and said he was learning and won’t do it again:

    Maybe I underestimated the actual risk of this? Yes, but again, it was probably on the first month of development, we learn from our mistakes so we can now provide the most private and secure experience we can. Thanks

  • jmcs@discuss.tchncs.de
    ↑ 12 · 6 days ago

    enables remote debugging by default and removes the prompt

    I thought it just allowed easier debugging, sorry

    Dunning–Kruger strikes again.

    Unfortunately browsers are probably the single most complex piece of software in a computer nowadays, and doing it right is very difficult if you don’t have the resources to back it up. And it doesn’t help if it’s being done by someone that removes security warnings because they don’t understand them.

    • notanapple@lemm.ee
      ↑ 11 · 6 days ago

      This. I personally avoid random Firefox forks because there is such a large surface to make mistakes or hide backdoors. If people want a private, hardened Firefox, Mullvad’s fork (or Tor) is the best option. If you only want to disable telemetry, you can use Betterfox user.js with Firefox.

  • deroyonz@lemmy.zip
    ↑ 2 · 6 days ago

    This looks like a project of one random guy who has now all of a sudden found themselves in charge of maintaining a super virally popular browser, after Arc Browser was left to die in maintenance. That star history on their GitHub README is insane.

    This is to say, they are probably under a lot of pressure right now dealing with the responsibilities of a big browser, and do not necessarily have the manpower and knowledge to handle it all promptly. If you guys want this browser to succeed, consider helping the dude out, it is open source after all. I hope they can hire a team or something, maybe get a security-focused person.

  • pfr
    ↑ 2 · 6 days ago

    Fuck! I was just starting to like that browser. Back to LibreWolf.
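
A check for the settings this thread is about, as an added example that is not from the thread or from the browser's project: it reads a `prefs.js`, `user.js` or shipped default-pref file and reports remote-debugging prefs set away from Firefox's stock defaults. The pref names are standard Firefox ones and are an assumption here, since the thread does not name the prefs the fork changed; the sample input is constructed.

```python
import re
import sys

# Firefox prefs that gate DevTools remote debugging, with Firefox's stock defaults.
# Assumption: the thread does not name the prefs involved; these are the standard
# Firefox ones controlling the debugger server and its connection prompt.
SAFE_VALUES = {
    "devtools.debugger.remote-enabled": False,    # debugger server may accept clients
    "devtools.debugger.prompt-connection": True,  # ask the user before a client attaches
    "devtools.chrome.enabled": False,             # debugging of privileged browser chrome
}

# Matches user_pref("name", value); and the pref()/lockPref()/defaultPref() variants.
# Lines commented out with // do not match because the call must start the line.
PREF_LINE = re.compile(
    r'^\s*(?:user_pref|pref|sticky_pref|lockPref|defaultPref)\(\s*'
    r'"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*(?://.*)?$'
)

# Constructed sample of a default-pref file, not taken from any real browser.
SAMPLE = '''\
// constructed sample
pref("devtools.debugger.remote-enabled", true);
pref("devtools.debugger.prompt-connection", false);
// pref("devtools.chrome.enabled", true);
pref("browser.tabs.warnOnClose", false);
'''

def parse_prefs(text):
    """Return {name: value} from pref-file syntax; a later entry overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # blank lines, comments, anything that is not a pref call
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """List (pref, found, expected) for each debugging pref set away from the safe value."""
    prefs = parse_prefs(text)
    return [(n, prefs[n], want) for n, want in SAFE_VALUES.items()
            if n in prefs and prefs[n] != want]

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, found, want in audit(text):
        print(f"{name} = {found!r} (Firefox default: {want!r})")
```

A pref that is absent from the file is not reported, because the browser's built-in default then applies; run the check on both the profile's `prefs.js` and any default-pref files the fork ships.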