What do browsers' built-in sandboxes do?

Discussion in 'sandboxing & virtualization' started by paranoidbrowsing, Nov 10, 2020.

  1. paranoidbrowsing

    paranoidbrowsing Registered Member

    Joined:
    May 10, 2011
    Posts:
    11
    I have been using Sandboxie for years to protect my web browsing.

    I also read that modern browsers all have their own built-in sandbox. What do they do and why is there still a need to sandbox (e.g. with sandboxie) browsers?
     
  2. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    Interesting question. If the "built-in" sandboxes of Chromium and Firefox are as strong as Sandboxie, that certainly would solve the problem of having to keep Sandboxie "alive". Sandboxie of course can be used with other programs but I only ever used it for my browser so if the browser sandboxes are "puncture proof" ... Hope this generates some good discussion.
    Acadia
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I don't know how Firefox's sandbox works, but Chrome's, running on Windows, very simply put, just renders the web content in separate renderer processes from the main browser's broker process. In Linux the sandboxing of Chrome is apparently stronger than that of Windows.

    In either case, whether it be Firefox, Edge or Chrome, I don't count on the browser's sandbox to completely protect against potential exploits. The browsers I use are augmented with other security measures, both on Windows and Linux. I would say my Linux setup might be more "bulletproof" than my Windows setup.

    EDIT:

    here's a link on Chromium's sandboxing techniques in Windows:

    https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md

    ...and another on linux sandboxing:

    https://chromium.googlesource.com/chromium/src/+/master/docs/linux/sandboxing.md
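    Added example, not from wat0114's post or from the Chromium project: a small Python script for Linux that checks from /proc whether the renderer processes actually carry the two sandbox layers the linked linux/sandboxing.md describes (a namespace-based semantic layer and a seccomp-bpf syscall filter). It assumes renderers are identified by Chromium's `--type=renderer` command-line switch, reads the real `Seccomp` and `NoNewPrivs` fields of `/proc/<pid>/status`, and compares the renderer's PID namespace with the script's own; the two status excerpts at the bottom are constructed samples, not captured from a real system.

```python
"""Verify from /proc that Chromium renderer processes on Linux are sandboxed.

The Chromium Linux sandbox described in linux/sandboxing.md has two layers:
a semantic layer (setuid helper or user-namespace sandbox) that puts each
renderer into new PID and network namespaces, and a seccomp-bpf layer that
filters the syscalls the renderer may issue. Both leave traces in /proc:
  /proc/<pid>/status  "Seccomp:\t2"     -> seccomp-bpf filter active
  /proc/<pid>/status  "NoNewPrivs:\t1"  -> no privilege gain via setuid execs
  /proc/<pid>/ns/pid  differs from /proc/self/ns/pid -> separate PID namespace
"""
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SandboxStatus:
    pid: int
    seccomp_filter: bool
    no_new_privs: bool
    own_pid_namespace: Optional[bool]  # None when /proc/<pid>/ns/pid is unreadable

    @property
    def sandboxed(self) -> bool:
        # Require both hard facts; treat an unreadable namespace link as unknown
        # rather than as a failure so permission errors don't produce false alarms.
        return (self.seccomp_filter and self.no_new_privs
                and self.own_pid_namespace is not False)


def parse_status(text: str) -> Dict[str, str]:
    """Turn the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def status_from_fields(pid: int, fields: Dict[str, str],
                       own_pid_namespace: Optional[bool]) -> SandboxStatus:
    """Seccomp mode 2 is 'filter' (seccomp-bpf); 0 is disabled, 1 is strict."""
    return SandboxStatus(
        pid=pid,
        seccomp_filter=fields.get("Seccomp") == "2",
        no_new_privs=fields.get("NoNewPrivs") == "1",
        own_pid_namespace=own_pid_namespace,
    )


def is_renderer(cmdline: bytes) -> bool:
    """/proc/<pid>/cmdline is NUL-separated; Chromium tags renderers with --type=renderer."""
    return b"--type=renderer" in cmdline.split(b"\0")


def in_other_pid_namespace(pid: int, proc: str = "/proc") -> Optional[bool]:
    """Compare the renderer's PID namespace with the auditing script's own."""
    try:
        return (os.readlink(f"{proc}/{pid}/ns/pid")
                != os.readlink(f"{proc}/self/ns/pid"))
    except OSError:
        return None


def audit_live_renderers(proc: str = "/proc") -> List[SandboxStatus]:
    """Walk /proc and report the sandbox state of every Chromium renderer found."""
    results: List[SandboxStatus] = []
    if not os.path.isdir(proc):
        return results  # not Linux, or no procfs mounted
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"{proc}/{pid}/cmdline", "rb") as f:
                if not is_renderer(f.read()):
                    continue
            with open(f"{proc}/{pid}/status") as f:
                fields = parse_status(f.read())
        except OSError:
            continue  # process exited, or is not ours to read
        results.append(status_from_fields(pid, fields, in_other_pid_namespace(pid, proc)))
    return results


# Constructed sample excerpts of /proc/<pid>/status (not captured from a real
# system): one renderer with the sandbox active, one started with --no-sandbox.
SANDBOXED_STATUS = "Name:\tchrome\nState:\tS (sleeping)\nPid:\t4242\nNoNewPrivs:\t1\nSeccomp:\t2\n"
UNSANDBOXED_STATUS = "Name:\tchrome\nState:\tS (sleeping)\nPid:\t4243\nNoNewPrivs:\t0\nSeccomp:\t0\n"


if __name__ == "__main__":
    for st in audit_live_renderers():
        verdict = "sandboxed" if st.sandboxed else "NOT sandboxed"
        print(f"pid {st.pid}: seccomp={st.seccomp_filter} nnp={st.no_new_privs} "
              f"pidns={st.own_pid_namespace} -> {verdict}")
```

    Run it as the same user the browser runs as, from the same session (the PID-namespace comparison is relative to the script itself, so running it inside a container would skew that one column). A renderer that shows `Seccomp: 0` or `NoNewPrivs: 0` is the sign to look for, for instance a browser launched with `--no-sandbox` in a kiosk or CI setup; `chrome://sandbox` inside the browser reports the same layers from Chromium's own point of view and is a good cross-check.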
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,004
    Location:
    Member state of European Union
    Well, external sandboxes such as Sandboxie can be used to revert the browser to its previous state: delete all new cookies, new cache entries, new history entries.
    I mainly use external sandboxes to contain programs that are not web browsers with the notable exception of Tor Browser.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,874
    Browsers' "own" sandbox is only the usage of modern Windows features like "integrity level", assisted by ASLR, DEP and CF. That means that sub-processes of any browser parent (running at any user level) are running with lower rights (low or untrusted).

    For Sandboxie this won't change*, but additional data is kept (default settings) in the box.

    * won't change until admin rights are ticked off in the box settings -> running at user level, not admin level

    It's wrong to think that Sandboxie will prevent attacks on a browser, but it can prevent intrusion into the hosting system; it cannot prevent reading and sending sensitive data if the browser has been hacked.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I agree with this. Just wanted to add that you can restrict data access with Sandboxie (off by default), so it could prevent access to sensitive data from the browser even if it's "hacked". If an exploit triggers a Windows vulnerability (some system component or driver) then it's probably game over.
     
    Last edited: Nov 11, 2020
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,874
    +1

    That's a good reason to store sensitive data either on a separate (maybe encrypted) drive or in a folder with limited access which can be excluded easily.
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    If you keep your sensitive data stored on a separate administrator account and run your browser from a standard account, then the browser can't read the sensitive data.
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,874
    Regular user separation, you don't need an admin account; but this would mean that sensitive data is put on the system drive (with no moved personal folder, which is not recommended; use the Windows library instead).
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    The chance that you will encounter a browser exploit is quite small nowadays, because it's much harder for hackers to exploit them, and that's because of the built-in sandboxes. Hackers now need to escape the sandbox in order to do any serious damage. And if they find these kinds of bugs, it's very likely they reserve them for targeted attacks.

    But anyway, it's still possible to bypass built-in sandboxes, so in these kinds of scenarios a tool like Sandboxie might still come in handy because of its virtualization features. Of course other tools like AVs and anti-exploit may also mitigate such an attack. Here are some examples of recent hacks on Firefox and Chrome where the built-in sandboxes were bypassed without using any bugs in the Windows OS.

    https://twitter.com/TianfuCup/status/1325247567928549377
    https://twitter.com/TianfuCup/status/1324953113099268096
     
  11. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    There's also Microsoft's Windows Defender Application Guard, which augments the built-in browser sandbox. In case malware somehow manages to burrow through one, it will be contained by the other.

    And that's not counting the security layers added to Windows itself.
     
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Have you ever tested this by chance?
     
  13. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    No. I haven't been on an untrusted site. Presumably it would invoke the WDAG sandbox.
     
  14. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    I've tested MDAG extensively and it works pretty great. Definitely slower than "default" Edge, but very much usable if videos aren't installed.

    I'm using it without vGPU. Enable that and throw in a top modern computer and I'm sure it works much better.
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    I have Hyper Visor and support for virtual machine virtualization. The only thing I needed to run is to apply the registry patch to lower the RAM requirement.

    MWDAG tolls along nicely with 12% CPU load - all within acceptable limits.
     