Mojave: Opt into the Hardened Runtime capability
Issue description

macOS 10.14 Mojave introduces the Enhanced/Hardened Runtime capability that sets a more restrictive security baseline than a standard macOS app. It is similar to the `codesign -o restrict` flag that Chrome is currently signed with (see issue 523045 and issue 523041), but it includes enforcement of more restrictions. Specifically:

A) All executable pages must be backed by a valid code signature
B) Signatures for all libraries, frameworks, and plugins are validated at runtime
C) Apps opting in to the new runtime cannot debug other apps or be debugged themselves unless the capability is declared
D) Attempts to access protected resources without pre-declaring intent will result in a hard crash

For (A) we will most certainly need to create some exceptions due to V8's JITing. We can use the com.apple.security.cs.allow-jit entitlement for that. This will not only affect the renderer but likely also the browser due to the PAC proxy resolver.

We also need to ensure that any plugins we load (e.g., Flash) are also signed to not run afoul of (B), but I think that may already be taken care of. When we tried to enforce this ourselves previously (see issue 497190), we ran into issues because printer modules are non-Apple-or-team-ID-signed and have to be loaded into the print dialog in-process. We should investigate what's changed here on 10.14.

For signed official builds, (C) already applies.

And we will need to do work for (D), for which I've filed issue 850175. But we'll also need to add the appropriate entitlements: com.apple.security.device.audio-input, com.apple.security.device.camera, com.apple.security.personal-information.location, and potentially com.apple.security.personal-information.photos-library.

It is currently unclear if the hardened runtime requires the app also be sandboxed, which would mean sandboxing the browser process.

More details here:
https://help.apple.com/xcode/mac/current/#/devf87a2ac8f
https://developer.apple.com/videos/play/wwdc2018/702/
Jun 6 2018
Issue 850201 tracks the unknown/potential prerequisite for sandboxing the browser.
Dec 6
Another point to reconcile will be the use of mach_override, which is only used to implement cfbundle_blocker. If we want to continue shipping that, I suspect we'll need to grant the com.apple.security.cs.disable-executable-page-protection entitlement. The helper will also need to be granted com.apple.security.cs.disable-library-validation so that it can load Flash.
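As an added example that is neither part of this issue nor Chromium code: a small POSIX shell audit that reads an exported entitlements plist (assumed to come from `codesign -d --entitlements :- App.app`) and reports which of the Hardened Runtime exceptions discussed in the description and above are granted, plus a check that the runtime flag is really set in `codesign -dv` output. The sample plist and flags line are constructed for the demo.

```shell
#!/bin/sh
# Constructed audit helper (not Chromium code). Assumed real-world inputs:
#   codesign -d --entitlements :- /path/to/App.app | risky_entitlements
#   codesign -dv /path/to/App.app 2>&1 | has_hardened_runtime

# Entitlements that punch holes in the Hardened Runtime baseline.
RISKY_KEYS="com.apple.security.cs.allow-jit
com.apple.security.cs.disable-library-validation
com.apple.security.cs.disable-executable-page-protection"

# Constructed sample plist, in the shape codesign exports, for a helper
# that JITs and loads a third-party plugin.
SAMPLE_PLIST='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.allow-jit</key>
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
  <key>com.apple.security.device.camera</key>
  <true/>
  <key>com.apple.security.cs.disable-executable-page-protection</key>
  <false/>
</dict>
</plist>'

# Constructed sample of the CodeDirectory line printed by `codesign -dv`.
SAMPLE_FLAGS='CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded'

# Read a plist on stdin; print each risky key whose value is <true/>.
# Keys set to <false/> (or absent) are not reported.
risky_entitlements() {
    awk '
        /<key>/ { k = $0; sub(/.*<key>/, "", k); sub(/<\/key>.*/, "", k); next }
        /<true\/>/ && k != "" { print k }
        { k = "" }
    ' | while IFS= read -r key; do
        if printf '%s\n' "$RISKY_KEYS" | grep -Fqx -- "$key"; then
            printf '%s\n' "$key"
        fi
    done
}

# Read `codesign -dv` output on stdin; succeed only if the runtime flag is set.
has_hardened_runtime() {
    grep -q 'flags=[^ ]*runtime'
}

# Stand-alone demo on the constructed samples.
printf '%s\n' "$SAMPLE_PLIST" | risky_entitlements
printf '%s\n' "$SAMPLE_FLAGS" | has_hardened_runtime && echo "hardened runtime: on"
```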
Dec 7
When enabling the hardened runtime in a test app, unless the disable-library-validation entitlement is granted, it appears that Print Dialog Extensions (PDEs) are blocked. Nothing seems to have changed in 10.14 from when we experimented with library validation in issue 497190.
Dec 7
Note that in 10.14, it appears that PDEs aren't loaded into things like TextEdit or Preview, either. Neither of those apps has the hardened runtime flags, though, but they may be inheriting the behavior as a result of being a platform binary and rootless/SIP.
Dec 12
Filed rdar://46665082 about PDEs not being loaded.
Comment 1 by rsesek@chromium.org, Jun 6 2018