What do you mean by sandbox here? Fedora has selinux by default which adds an extra layer of security. If you really want a “sandbox” qubes is probably the way to go. It runs everything in virtual machines, so if there was a browser escape they would still have to eacape the vm. It would be an very sophisticated attack and nothing you have to worry about.
And pulseaudio is fine lol what you’re describing would certainly be assigned a cve and the only cves for pulseaudio are all denial of service except for some back in 2009.
What do you mean by sandbox here? Fedora has selinux by default which adds an extra layer of security. If you really want a “sandbox” qubes is probably the way to go. It runs everything in virtual machines, so if there was a browser escape they would still have to eacape the vm. It would be an very sophisticated attack and nothing you have to worry about.
And pulseaudio is fine lol what you’re describing would certainly be assigned a cve and the only cves for pulseaudio are all denial of service except for some back in 2009.