Google Chrome Sandbox?

Discussion in 'sandboxing & virtualization' started by IceCube1010, Oct 24, 2008.

Thread Status:
Not open for further replies.
  1. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Just a question for all the sandbox experts out there. Does google chrome have a sandbox feature built in or is it like Geswall? I tried searching the net but found a lot of security flaws with the googles browser. Not sure it they are fixed etc...

    Please no flames, any feedback would be appreciated.

    Ice
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    USe Iron Webbowser instead. Google for it.
     
  3. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    Ice,

    Google will probably use the technology it gained from it's acquisition of Green Border to add a sandbox technology to Chrome. No idea on timescales.

    ~interact
     
  4. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    It's got a built-in sandbox. Wish it would run properly on my system but it doesn't like SRP enabled.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Try IROn, for info see http://www.legendscrolls.co.uk/webstandards/srwareiron

    Google Chrome has two issues:
    1. It starts from Documents and Settings, while IRON can be installed in Programs directory

    2. WIth IRON reduce SRP to exclude DLL's (at enforcement). When SRP is enbled for all programs (including DLL's) it won't connect.

    Regards Kees
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Just download Chromium instead. No installer needed (though there's one if you really want) so you can just unpack to better place than %APPDATA%, portable, no junk bundled (such as Google Updater), completely open-source. ;)
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Just a note - that comparison table is against Google Chrome, not Chromium. E.g., as noted there's no updater in Chromium, also no client ID etc.
     
  9. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Point 1
    I agree. I didn't like it either that Chrome installed in Documents and Settings, and, yes, I like that Iron installs in Program Files. I've tried it before. Definitely an improvement over Chrome.

    Point 2
    In Enforcement, I really didn't like reducing my protection from "All software files" to "All software files except libraries" just to use Chrome or its offshoots (Iron for example). I really don't like it that well. IMO, it just doesn't come close to the functionality of Firefox supplemented by its extensions and shored up by SRP fully enforced.

    Thanks for taking the time to respond Kees. :D. I always respect and appreciate your opinion.

    Later....
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Guys,

    have not been able to destroy my setup (power user with some extra rules on restricting internet facing aps), newes threatfire (with some extra custom rules) and IRON!

    Really impressed with IRON (running normal user with StripMyrights).

    Cheers

    Kees
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    how did you achieve that or what type of rules did you apply for ?:thumb:
     
  12. rolarocka

    rolarocka Guest

    The only downside with Iron is that they dont update it as fast as Chromium. Otherwise Iron's adblocker integraton is great. :thumb: Makes browsing even faster.
     
  13. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    I've been trying out Iron for the last few days and I'm impressed with the speed. The Sandbox must conflict with Sandboxie as Iron refuses to run sandboxed. Not sure if it would conflict with GesWall. Thought about using it with DMR, then saw Kees post using it with StripMyRights. Will have to check on SMR.
     
  14. rolarocka

    rolarocka Guest

    It runs in Sandboxie with this extension: -no-sandbox
     
  15. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    Thanks, it's working now. I don't see the usual [#] [#] signs on the browser. Is that normal?
     
  16. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Is google chrome sandboxing function causing it not able to be sandboxed??
    Because whenever i sandboxed google chrome, it can't connect to the internet.
     
  17. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    With (see screenshot) settings chrome will work nicely "inside" sandboxie (CAUTION: sand leakage :eek: )
    Btw. chrome "build-in sandbox" working in such a way to separate tabs one from another and not to separate chrome from rest of the OS, so if one tab needs to crash it will not crash whole browser...

    google sandboxed.png
     
    Last edited: Oct 27, 2008
  18. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    One caveat, I'm unable to download any file when running in Sandboxie
     
  19. rolarocka

    rolarocka Guest

    Yes i notice that too if you have installed Iron inside Sandboxie. If you install Iron outside Sandboxie and run it then sandboxed, allowing iron.exe to access directly your download location should work. Example - if you allways download to the Desktop allow direct access to the Desktop for Iron in Sandboxie.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Jmonge,

    I run it together with ThreatFire in a power user XP Pro environment with all other internet facing programs running as limited user via secpol.msc I also block program execution from P2P and temporary directories.

    Just make a quick link to IRON, add Iron's directory in the startup directory of the link, copy StripMyRights.exe to the Iron directory and add

    StripMyRights.exe /L N "directory of iron\iron exe"

    Make sure you do not accept third party cookies in Chromium/Chrome/Iron and disallow dangerous content to run (third tab).
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    is Iron part of the chrome?
     
  22. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    No, it's not. Is Seamonkey part of Firefox?
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    so this iron browser is part of firefox theno_O??
     
  24. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Uh, no of course it's not. FF is using Gecko engine, Chrome/Chromium/Iron is using Webkit engine. That was a metaphor!
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    ok i got it thanks:thumb:
     
Loading...
Thread Status:
Not open for further replies.