Hacker News

And this strategy really benefits big institutions like Google, and harms smaller competitors. They are raising the barriers of entry. It is pretty clever.


Yeah, and in due fashion Chromium became "critical infrastructure" when SpaceX decided to use it as the basis of the Dragon capsule's UI. They pinned to a super-old version of Chromium that stopped getting updates 18 weeks after release. Which means it is absolutely chock full of bugs.


It's extremely silly to run a web browser on a spaceship UI, but I imagine that they have an entirely different set of bugs to prioritize compared to a desktop web browser release. Most security and privacy issues that browsers constantly try to patch up aren't really there on an isolated touch screen control panel. Unless they hooked it up to the internet, in which case may god help us all.


When I worked on the SpaceX UI I don't remember the Chromium version being super old. What was your experience with the pinning?


Hrmm.. But can you name any infrastructure approximately as critical as a space rocket that uses some kind of rolling update release scenario instead? You raise a good point about the risk of pinning. Could it be that intelligent people also have valid concerns about the risks of _not_ pinning for such uses?


A quality shared with all software :) A threat model that includes bad actors hacking into spacecraft UI using known Chromium vulnerabilities would have to include a dizzying array of more tangible physical threats we regularly discount.


I don't know for sure if Tesla is also using Chromium for its in-car UI, but that's a much more tangible threat, because it is internet-enabled (and also not in orbit :-)).


It seems dangerous to have a car on the internet regardless of how up to date the browser is.


If the software hasn't changed, then it was chock full of bugs when it was new, too. What has changed is that now you know what the bugs are. For a capsule UI, it seems to me that would be better than a new version with unknown bugs.



