What are the general security implications behind using a web app vs its equivalent desktop app?


In 2020, there are a lot of applications which have a web interface as well as “desktop apps.” Such applications are either the same in functionality or very close. Three examples of this situation are the Slack, Discord, and Keeper Security applications. As a user, I am often left with a choice: Do I use the webapp in the browser, or do I download and install the desktop app?

In order to not be too vague, I’m not going to ask the question “which is more secure?” As this may not be possible to answer without a specific reference. However, there is truth to the fact that many of these applications are running on top of runtimes like Chrome, V8, Electron, Mono, etc…. For the purposes of this question, please assume that the app is of this style and not a “fully native” compiled app written directly in C or C++.

Ignoring any functionality differences (such as, I need the desktop app in order to do livestreaming), please list the general security implications of using the browser app vs desktop app.

For security reasons, why might I prefer to run the web in-browser version of the app rather than the desktop app and vice versa? One such implication could be, “exploitation in a browser-run web app would be limited to the tab’s process, whereas in a desktop app, it could potentially access a greater scope” for example.