Sandboxie and Chrome

Hi

Is it overkill to use SBIE on Google Chrome in Win7 64? Doesn't Chrome have some kind of sandboxing of it's own?

thanks
Ice

 

Chrome has its own sandboxing but don't see a disadvantage in running it under Sandboxie

 

I think Chrome sandbox is more like for stability

 

I can't explain the detail, but I have read a statement by Ilya (DefenseWall) that the Chrome sandbox is not secure due to Windows vulnerabilities. I don't know if these vulnerabilities exist in Windows 7 however.

 

thanks for the replies. SBIE and Chrome seem to run nicely together along with Avast 5.

Ice

 

I think Shadow Defender would be a good choice to run with Chrome rather than SBie. Just because SD works so simply and thorough.

 

.
Here is a link to a detailed explanation of how the sandbox is implemented in Chrome:

http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html

Based on this blog it doesn't seem like Chrome achieves the same degree of isolation from the rest of the system that Sandboxie does. But if you don't use Sandboxie and run with an admin account you get a lot of extra protection with Chrome.

 

As far as I know current Chrome does not cover web plugins. So, still opening up to major risks. Better to have other sandboxing

 

Where does Chrome have its own sandbox? I can't see any information or options on this and I certainly haven't noticed it all the time that I've been running it. All I see is some warnings when downloading files or visiting dangerous websites, etc.

 

Generally when browsing, not like sandboxie, but some things web-browsers automatically do are sandboxed (HTML rendering and JavaScript execution), so it wont save your ass when you go and download malware, wont protect from pdf exploits, but will reduce exploits and script-based trojan.

See the link in Victek123's post.

 

thank you for the link. Sandboxie works with Chrome. This combo seems good with Avast 5.

thanks
Ice

 

I think Chrome's sandbox relates to Chrome's engine and each tab running in their own memory space.

So if one tab/page crashes/locks up, the engine and other tabs/pages don't crash/lockup.

Sandboxie is way more secure.

 

Actually Chrome sandbox is much more advanced than what described above.

Every browser's tab is a separate process that runs using a very restricted token. If a new web exploit against Chrome is executed and executable code is run, it inherits process token. But it will be the restricted token, which wouldn't allow the malicious code going too far.

Moreover, every separate process is run under a job object. This adds yet more security limitations to the process.

Still all browser tab processes are run in a dedicated desktop. This is done to prevent shatter attacks and other similar kind of attacks.

(There are still some other interesting things in Chrome sandbox)

Chrome sandbox's structure is much more robust and effective than what it looks like.

Though, we must be sure that the system is not compromised, otherwise all Windows security mechanisms could be useless

As explained: