Question is, does Chrome have two sandboxes? I see a newer Privacy Sandbox... ... but I see very little or no info on the standard, default Chrome sandbox. For example, is it capable of being turned on and off? Is it in anyway configurable? How can a user determine if the sandbox is running? Reason I am asking is because I have always heard some folks say it is redundant/overkill to run Chrome inside Sandboxie because Chrome already has a sandbox. But the sandbox they were referencing is not the same one as this Privacy Sandbox that can be toggled on and off, right?
Basically, the Chrome built-in sandbox and the upcoming privacy sandbox or two different things. The first is meant to protect against drive-by exploit attacks. And just about all other browsers like Edge, Vivaldi and Firefox also make use of this. Of course since Firefox is not based on Chromium, they have implemented it in a different way, but the concept stays the same. The privacy sandbox is a new plan to replace third party cookies as a way to track people for targeted advertising. It's not clear yet if you will be able to disable the privacy sandbox, but companies that are serious about privacy say they won't support it, but on the other hand what if this will break the correct functioning of websites?
at first - the chrome "sandbox" is only using windows features like ASLR/ASLR2, CFG, DEP, de-elevation (anonymous) aso. any program can use this. thats why modern browsers hava parent process while the rest are childs running as "anonymous" " or low integrity": https://securelist.com/malicious-code-and-the-windows-integrity-mechanism/76751/ (thats why limiting firefox to only one process is a very stupid idea, in any environment) Firefox uses several integrity level, best known failure is sound in sandboxie, then user needed to raise integrity +1, there exist no other practical usage) "privacy sandbox" could be something like firefox containers - which is a unique feature since years (v57). if it might so google dev had no benefit from co-op with mozilla, sh*t happens. chrome never had bevore similar like "containers".
Appreciate both responses. I was basically looking for more info on the Chromium Sandbox. The Privacy Sandbox has lots of info floating around, and I see it can be turned on or off by user. But my questions remain for the default sandbox...is it capable of being turned on and off? Is it in anyway configurable? How can a user determine if the sandbox is running? I did find a couple of detailed Chromium Sandbox articles. Sandbox Sandbox FAQs
cannot test it these days, but best example may facebook and similar pages. if i am right about the "container" theorie - whats coming up in "containers"/"sandbox" stays in the box - if the box is closed, then any related will be gone. chrome is marking this as "trial" or "experimental" so it might contain bugs.
You can check status on the internal chrome://sandbox page. You can also view Chrome's processes with Process Explorer, make sure it has multiple processes and uses Low or Untrusted integrity level. Not sure if it is still possible, but you could launch Chrome with a command line switch to disable the sandbox. There is no way to configure it, though there were a few experimental options to turn on like win32k lockdown.
My question is, why would you want to disable Chrome's built-in sandbox? You do realize it's meant to provide extra security? Are you perhaps having troubles with running Chrome under supervision of Sandboxie? On my Win 10 system I can run both Edge and Vivaldi ''sandboxed'' by Sandboxie without any problems.
Good question ("why would you want to disable Chrome's built-in sandbox?"). I could have explained that better. I want to know if it is capable of being turned off and on, and if there is a way to determine if it is running. Sometimes inexplicably settings change without user action. Just wanted to look more into it. And I do realize it is meant to provide extra security. The issues I am looking at currently involve Chrome, Sandboxie and HitmanPro.Alert together, a combination that has been running perfectly fine for me for many years. TY for the input.
Excellent. The chrome://sandbox page shows me it is running, which is one thing I have been asking about. Thanks.
no comments if some dont know about the sandbox terms from operating systems, this is neither nor comparable to sandboxie chrome://sandbox/ shows exact the status from system i gave above - integrity and task(s) with process (render, gpu aso.) use "process explorer" (sysinternals) or processhacker to verify. "Privacy Sandbox" is this https://www.chromium.org/Home/chromium-privacy/privacy-sandbox in german https://usercentrics.com/de/knowledge-hub/google-chrome-privacy-sandbox/ https://t3n.de/news/privacy-sandbox-google-1191087/ from what i read its more like the antitracking in firefox (chrome dont own such settings), a bit of incognito mode, but well targeted ads for users. thats why they invented into FLoC because this works without cookies. its ok, but i wont surf without ublock or similar
