Basic Questions re Chrome's Sandbox

I'm a new Chrome user (installed it just today) and was curious about Chrome's sandbox.

Is the sandbox always enabled by default?
How do I 'tell' the sandbox to always allow downloads to a specified partition?

Any other new user tips are also welcomed...

Thanks,
Cruise

 

Yes, it is.

You don't have to, it will be able to do this.

 

Hungry Man,

Thanks for the quick reply, but your 2nd answer confuses me further. If I don't have to deliberately instruct Chrome to pass downloads through to a folder/partition of my choosing, how does Chrome know to contain undesirable malware within its sandbox?

Cruise

 

Chrome's sandbox works by splitting the browser up into various parts.

You have your Javascript renderer, Tabs, Extensions, and a few other areas.

All of those areas are run at Untrusted Integrity without file access.

When you try to download something the "Broker" process handles it, making a security decision as to whether or not the write is legitimate or not.

This allows for a transparent sandbox where you never have to interact with it.

 

Thanks again HM. While that automation sounds very nice, do you know of any tests showing that it does the job in keeping nasties (such as rootkits) from hooking into your system?

Cruise

 

Historically the sandbox has done very well. No attacks against the Chrome sandbox have ever been found in the wild and successful attacks against it in competitions like pwn2own typically consist of many vulnerabilities being chained together.

 

That's good to hear. In your opinion, is it comparable to Sandboxie with IE (from a security viewpoint)?

 

Chrome's sandbox is better than IE9's sandbox. With IE10 on Windows 8 I'd say IE10 may be more secure in terms of the Sandbox and security mitigations - there isn't enough information right now on the architecture of the browser itself to say but I'd say they're both very secure.

 

I was referring to IE with Sandboxie - is the above to say that you believe that Chrome is safer than IE with Sandboxie?

 

Oh, I'm sorry I misread.

IE10 is already arguably more secure than Chrome with Enhanced Protected Mode so I think that, with Sandboxie, it could be considered more secure.

 

So are you saying that Chrome is immune from drive bye downloads? For instance, if a person is using Chrome and goes to a site that is malicious and attempts to download some malicious files (ie some flash exploit or pdf exploit)...what happens? Does the download happen but the file is not able to write? Is the malicious download able to run with limited rights? I understand what happens when I run a browser inside sandboxie...but I'm assuming Chrome is different. I can download a file using Chrome that my antivirus flags as malicious. I'm assuming if a malicious file is downloaded and the user decides to install it then the file will not have limited rights because it was downloaded using Chrome...if I download a file with my browser inside sandboxie and try to install the file I think the file will continue having limited rights or running inside a sandbox until I tell it not to?...it's confusing to me...

 

Well that depends. Let's say a user visits a page that hosts a Flash exploit (Chrome runs Flash in an untrusted process).

Without the sandbox Flash would be exploited and (usually) a second payload would be launched.

With the sandbox Flash would be exploited but would not be able to write to anywhere on the file system - it couldn't write or launch a second payload. Even if an attacker stays within the compromised Flash process they're limited in their ability to read/ write to the system, which makes local exploitation much more difficult.

 

Actually I was referring to IE9 with Sandboxie - as I don't think IE10 is available yet (for W7).

Cruise