Sandboxie and Chrome question

Discussion in 'sandboxing & virtualization' started by JohnMult, Oct 27, 2012.

Thread Status:
Not open for further replies.
  1. JohnMult

    JohnMult Registered Member

    Mar 26, 2012
    How safe I am if I allow access to Chrome profile and add only Chrome.exe in Start/Run Access Restrictions and Internet Access? When i close chrome all the other contents are deleted.
  2. bo elam

    bo elam Registered Member

    Jun 15, 2010
    Adding only Chrome to Start/Run Access Restrictions and Internet Access would make your browsing sandbox very tight, if you can have a comfortable browsing experience by doing it like that, I would.

    I dont use Chrome but in my XP, in my Firefox every day sandbox, I allow Firefox, Plugin container and Foxit (out of the browser) to run and only Firefox can connect. In my W7, I also allow dllhost to run.

    Personally, I wouldnt allow access to the Chrome folder but I dont think is unsafe. I only allow access to bookmarks.

  3. tomazyk

    tomazyk Guest

    Start/run access and Internet access are great protections against malware. It prevents it from running and connecting to net.
    This protection however doesn't help much when it comes to scripts and other active content.
    In your case script could write to Chrome profile folder. Is it dangerous? I don't know. But I allow Chrome direct access to bookmarks only.
  4. Fox Mulder

    Fox Mulder Registered Member

    Jun 2, 2011
    I have found, through VERY informal testing that you should take with a grain of salt, that allowing Chrome access to its profile folder allows you to save settings on your extensions. I noticed that ScriptNo would not remember my allowed sites until I did that. Personally, I do what you do: I allow Chrome access to its profile folder and have start/internet access enabled only for chrome.exe.

    Chrome has its own sandbox which, while not entirely bulletproof, is still incredibly strong. It not only isolates chrome.exe from the rest of the system, but isolates each tab from each other. So, theoretically, if you have a bad script in one tab, it stays there and will be gone once that tab is closed.

    Realistically, Sandboxie + Chrome + ScriptNo is probably the closest thing you'll get to a bulletproof browser in my opinion.
  5. beethoven

    beethoven Registered Member

    Dec 27, 2004
    I am using FF and IE and only run these inside sandboxie. Having just downloaded Chrome and understanding that this browser is running every tab in its own sandbox, I am wondering what additional benefit sandboxie in this case brings?

    I added Chrome to my forced files and don't notice any negative effect but it seems to me I am running a sandboxed file in a sandbox. How different is the approach for someone used to running sandboxie and keen on keeping this in place when running chrome as the browser of choice as opposed to FF?
Thread Status:
Not open for further replies.