Google Chrome Sandbox?

Just a question for all the sandbox experts out there. Does google chrome have a sandbox feature built in or is it like Geswall? I tried searching the net but found a lot of security flaws with the googles browser. Not sure it they are fixed etc...

Please no flames, any feedback would be appreciated.

Ice

 

USe Iron Webbowser instead. Google for it.

 

Ice,

Google will probably use the technology it gained from it's acquisition of Green Border to add a sandbox technology to Chrome. No idea on timescales.

~interact

 

It's got a built-in sandbox. Wish it would run properly on my system but it doesn't like SRP enabled.

 

Try IROn, for info see http://www.legendscrolls.co.uk/webstandards/srwareiron

Google Chrome has two issues:
1. It starts from Documents and Settings, while IRON can be installed in Programs directory

2. WIth IRON reduce SRP to exclude DLL's (at enforcement). When SRP is enbled for all programs (including DLL's) it won't connect.

Regards Kees

 

Just download Chromium instead. No installer needed (though there's one if you really want) so you can just unpack to better place than %APPDATA%, portable, no junk bundled (such as Google Updater), completely open-source.

 

Yep Iron is an improved chromium, with the newer Webkit engine, see http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php
for beter security and it has a number of priviacy improvements listed

So Iron is Chromium plus

 

Just a note - that comparison table is against Google Chrome, not Chromium. E.g., as noted there's no updater in Chromium, also no client ID etc.

 

Point 1
I agree. I didn't like it either that Chrome installed in Documents and Settings, and, yes, I like that Iron installs in Program Files. I've tried it before. Definitely an improvement over Chrome.

Point 2
In Enforcement, I really didn't like reducing my protection from "All software files" to "All software files except libraries" just to use Chrome or its offshoots (Iron for example). I really don't like it that well. IMO, it just doesn't come close to the functionality of Firefox supplemented by its extensions and shored up by SRP fully enforced.

Thanks for taking the time to respond Kees. . I always respect and appreciate your opinion.

Later....

 

Guys,

have not been able to destroy my setup (power user with some extra rules on restricting internet facing aps), newes threatfire (with some extra custom rules) and IRON!

Really impressed with IRON (running normal user with StripMyrights).

Cheers

Kees

 

how did you achieve that or what type of rules did you apply for ?

 

The only downside with Iron is that they dont update it as fast as Chromium. Otherwise Iron's adblocker integraton is great. Makes browsing even faster.

 

I've been trying out Iron for the last few days and I'm impressed with the speed. The Sandbox must conflict with Sandboxie as Iron refuses to run sandboxed. Not sure if it would conflict with GesWall. Thought about using it with DMR, then saw Kees post using it with StripMyRights. Will have to check on SMR.

 

It runs in Sandboxie with this extension: -no-sandbox

 

Thanks, it's working now. I don't see the usual [#] [#] signs on the browser. Is that normal?

 

Is google chrome sandboxing function causing it not able to be sandboxed??
Because whenever i sandboxed google chrome, it can't connect to the internet.

 

With (see screenshot) settings chrome will work nicely "inside" sandboxie (CAUTION: sand leakage )
Btw. chrome "build-in sandbox" working in such a way to separate tabs one from another and not to separate chrome from rest of the OS, so if one tab needs to crash it will not crash whole browser...

 

One caveat, I'm unable to download any file when running in Sandboxie

 

Yes i notice that too if you have installed Iron inside Sandboxie. If you install Iron outside Sandboxie and run it then sandboxed, allowing iron.exe to access directly your download location should work. Example - if you allways download to the Desktop allow direct access to the Desktop for Iron in Sandboxie.

 

Jmonge,

I run it together with ThreatFire in a power user XP Pro environment with all other internet facing programs running as limited user via secpol.msc I also block program execution from P2P and temporary directories.

Just make a quick link to IRON, add Iron's directory in the startup directory of the link, copy StripMyRights.exe to the Iron directory and add

StripMyRights.exe /L N "directory of iron\iron exe"

Make sure you do not accept third party cookies in Chromium/Chrome/Iron and disallow dangerous content to run (third tab).

 

is Iron part of the chrome?

 

No, it's not. Is Seamonkey part of Firefox?

 

so this iron browser is part of firefox then??

 

Uh, no of course it's not. FF is using Gecko engine, Chrome/Chromium/Iron is using Webkit engine. That was a metaphor!

 

ok i got it thanks