Sandboxie and Chrome question

How safe I am if I allow access to Chrome profile and add only Chrome.exe in Start/Run Access Restrictions and Internet Access? When i close chrome all the other contents are deleted.

 

Adding only Chrome to Start/Run Access Restrictions and Internet Access would make your browsing sandbox very tight, if you can have a comfortable browsing experience by doing it like that, I would.

I dont use Chrome but in my XP, in my Firefox every day sandbox, I allow Firefox, Plugin container and Foxit (out of the browser) to run and only Firefox can connect. In my W7, I also allow dllhost to run.

Personally, I wouldnt allow access to the Chrome folder but I dont think is unsafe. I only allow access to bookmarks.

Bo

 

Start/run access and Internet access are great protections against malware. It prevents it from running and connecting to net.
This protection however doesn't help much when it comes to scripts and other active content.
In your case script could write to Chrome profile folder. Is it dangerous? I don't know. But I allow Chrome direct access to bookmarks only.

 

I have found, through VERY informal testing that you should take with a grain of salt, that allowing Chrome access to its profile folder allows you to save settings on your extensions. I noticed that ScriptNo would not remember my allowed sites until I did that. Personally, I do what you do: I allow Chrome access to its profile folder and have start/internet access enabled only for chrome.exe.

Chrome has its own sandbox which, while not entirely bulletproof, is still incredibly strong. It not only isolates chrome.exe from the rest of the system, but isolates each tab from each other. So, theoretically, if you have a bad script in one tab, it stays there and will be gone once that tab is closed.

Realistically, Sandboxie + Chrome + ScriptNo is probably the closest thing you'll get to a bulletproof browser in my opinion.

 

I am using FF and IE and only run these inside sandboxie. Having just downloaded Chrome and understanding that this browser is running every tab in its own sandbox, I am wondering what additional benefit sandboxie in this case brings?

I added Chrome to my forced files and don't notice any negative effect but it seems to me I am running a sandboxed file in a sandbox. How different is the approach for someone used to running sandboxie and keen on keeping this in place when running chrome as the browser of choice as opposed to FF?