This Month in Ladybird - June 2026 - Ladybird
This Month in Ladybird — June 2026
Hello friends! In June, Ladybird gained several things it couldn’t do before: you can now download files, browse and search your history, inspect cookies and storage in DevTools, and change video playback speed. Under the hood, our services started running inside real security sandboxes on Linux and macOS. Here’s what we’ve been up to.
Welcoming new sponsors
Ladybird is entirely funded by the generous support of companies and individuals who believe in the open web. This month, we’re excited to welcome the following sponsors:
Paul Copplestone with $10,000 (renewed sponsorship!)
SerpApi with $5,000 (renewed sponsorship!)
Zeroramp with $5,000
Kinde with $5,000
Sjors Witteveen with $1,000 (renewed sponsorship!)
publicqi with $1,000
All Things Secured with $1,000
We’re incredibly grateful for their support. If you’re interested in sponsoring the project, please contact us.
Downloads
Ladybird can now download files! There’s a toolbar indicator with a popover showing active downloads and progress, an about:downloads page, cancellation, and a confirmation prompt if you try to quit with downloads in flight (#10335).
Downloads are managed in the UI process, so a download keeps going even if you close the tab that started it.
Browsing history
There’s now an about:history page that lists your local browsing history with search and the ability to delete entries (#10038). Internally, browser history now lives in the UI process (#10085).
Right-clicking or long-pressing the back and forward buttons now shows a native history menu, with saved titles and favicons (#10128). There’s also a keyboard shortcut to clear browsing data, along with deep links into the relevant settings dialogs (#10262).
DevTools: storage, styles, and scripts
Our DevTools gained a Storage tab this month: you can inspect and modify cookies (#10035), browse and edit localStorage and sessionStorage (#10055), and inspect IndexedDB databases (#10143). CSS rule inspection also landed, showing the individual declarations behind a computed value, with overridden ones struck through, invalid ones flagged, and working jump-to-source links including for user-agent styles (#9869):
There’s also a new script sources view with pretty-printing, folding, search, and jump-to-definition (#10195).
Media: playback speed and muted autoplay
You can now change media playback speed (#9925). Audio is time-stretched using Chromium’s WSOLA algorithm, so the pitch stays put and speech stays intelligible whether you speed a clip up or slow it down. Here it is at a few different speeds, with sound:
Muted media can now autoplay by default (#10014). The old autoplay setting was all-or-nothing and blocked everything, including silent background videos, which left a lot of sites looking broken. It’s now a tri-state policy that allows inaudible media to autoplay while still keeping audible playback gated behind a user interaction, so unmuting or calling play() can’t sneak sound past it.
BeforeAfter<br>Security and hardening
We spent a bunch of time in June making Ladybird harder to attack.
Sandboxed services : Helper processes now run inside real sandboxes on Linux and macOS, using seccomp/Landlock on Linux and Seatbelt profiles on macOS (#10001, #10042). Sandboxing is now on by default (#10132).
Heap partitioning : String data, ArrayBuffer backing stores, and JS object property storage now live in dedicated heap partitions, keeping unrelated data away from security-sensitive state (#10041, #10025, #10033).
Fuzzing fixes : We fixed a batch of fuzzer-found crashes and undefined-behavior issues across DOM, layout, image decoding, and CSS pixel math (#9959, #10100, #10110, #10217, #10249).
Memory-safe decoding : Text encoding/decoding moved to Firefox’s Rust-based encoding_rs, and GIF decoding moved to Wuffs (#10204, #10031).
Canvas isolation : Cross-origin image data is now tracked for canvas tainting, and toDataURL()/toBlob() are rejected on tainted canvases (#10094, #10013).
GPU access moves into the sandboxed compositor
Last month we moved the compositor, the part of the browser that assembles and paints the final pixels you see on screen, into its own process. This month, canvas and WebGL rendering moved across the same boundary. 2D canvas command lists are now replayed and rasterized in the compositor (#10086, #10133), nested contexts rasterize during replay (#10194), and WebGL commands are streamed over shared memory (#10269).
The payoff is security as much as architecture: WebContent processes no longer need direct GPU access (#10154, #10156). Pinch-zoom is also handled asynchronously on the compositor, so zooming stays responsive even when the main thread is busy (#10120).
Down to a single JavaScript interpreter
LibJS now runs its optimized assembly interpreter on every platform, after enabling it on Windows (#10093). That let us delete the older generic bytecode...