EA Desktop App is disabling CEF sandboxing!
Ok EA, you are now officially worse than Epic.
EA Desktop is created using Chrome Electron Framework (CEF for short).
CEF is a full-featured browser based on Chrome which is used to make network requests and render the user interface, which is basically HTML/JavaScript content.
Both networking and storage sub-processes of CEF are run with the option:
--service-sandbox-type=none
And additionally ALL CEF sub-processes are run with the option:
--no-sandbox
As another example of an application based on CEF, the Steam client is also setting the service sandbox type to none, but only for the network service, and they aren't disabling the sandbox at all on any of the CEF sub-processes. Not only that, but their renderer has custom-implemented site isolation to prevent cross-site attacks.
I don't know what EA developers are trying to gain by doing this, but weakening CEF security on purpose doesn't look good to me, especially considering how many 3rd party domains the EA Desktop CEF instance is whitelisted to access.
It wouldn't even be the first time an ad network served a malicious ad, which would then be able to infect millions of gamer PCs, as they wouldn't even need to bother with escaping the Chrome sandbox.
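The check described in the post can be repeated on any CEF-based client by auditing the command lines of its sub-processes. The following is an added example, not part of the original post: the executable names and sample command lines are constructed, and the `--type` and `--utility-sub-type` switches are standard Chromium switches assumed here to identify each sub-process role.

```python
import shlex

# Constructed sample command lines (not captured from any real client).
SAMPLE_CMDLINES = [
    "helper.exe --type=renderer --no-sandbox --lang=en-US",
    "helper.exe --type=utility --utility-sub-type=network.mojom.NetworkService"
    " --service-sandbox-type=none --no-sandbox",
    "helper.exe --type=utility --utility-sub-type=storage.mojom.StorageService"
    " --service-sandbox-type=none --no-sandbox",
    "other.exe --type=utility --utility-sub-type=network.mojom.NetworkService"
    " --service-sandbox-type=none",
    "other.exe --type=renderer --lang=en-US",
]

def parse_switches(cmdline):
    """Return (executable, {switch: value}) for a Chromium-style command line."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes
    switches = {}
    for arg in argv[1:]:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            switches[name] = value.strip('"')
    return argv[0], switches

def audit(cmdline):
    """Report which sandbox-weakening switches one sub-process was started with."""
    exe, sw = parse_switches(cmdline)
    role = sw.get("type", "browser")  # the main process carries no --type switch
    if role == "utility" and "utility-sub-type" in sw:
        role = sw["utility-sub-type"]  # e.g. network or storage service
    findings = []
    if "no-sandbox" in sw:
        findings.append("no-sandbox")
    if sw.get("service-sandbox-type") == "none":
        findings.append("service-sandbox-type=none")
    return {"exe": exe, "role": role, "findings": findings}

def audit_all(cmdlines):
    """Keep only the processes that have at least one finding."""
    return [r for r in map(audit, cmdlines) if r["findings"]]

if __name__ == "__main__":
    for r in audit_all(SAMPLE_CMDLINES):
        print(f'{r["exe"]:12} {r["role"]:32} {", ".join(r["findings"])}')
```

On a real machine, feed `audit_all` the command lines shown by a process viewer instead of the constructed samples.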