How does Chromium’s sandboxing compare to Firejail’s?
I am increasingly being requested to join videoconferences through Zoom, which I don't trust to run on my machine. I understand that there are two common ways of sandboxing this software: you can either download the standalone Zoom application and then run it with the aid of some access control system, such as Firejail or AppArmor, or you can join the videoconference via Chromium, which will prompt the browser to download and run Zoom in its own sandboxed environment.
Another question here addresses the difference between Firejail and AppArmor (for the general case, not just for Zoom). But what are the differences between running an application in a Firejail sandbox versus running it in a Chromium sandbox? Using Chromium seems to be more convenient, since it doesn't require the user to separately download and install an access control system and the standalone application. But are there any differences from a security point of view? Do Chromium-sandboxed applications have access to any parts of one's system that Firejail-sandboxed applications do not, or vice versa? Are there any other advantages or disadvantages to consider?
(Note that although this question arose from pressure to use Zoom, I'm really interested in the more general issue of how Firejail and Chromium differ in their approach to sandboxing. I understand that the standalone Zoom application may differ in behaviour from the browser-based version that Chromium runs and so answers need not necessarily address any security risks specific to Zoom.)
