Is it good to sandbox Google Chrome when running it?

TimeAndroid · July 17, 2013, 2:44am

Will sandboxing Google Chrome break it? Will it prevent threats from getting to your computer?

SanyaIV · July 17, 2013, 6:44am

If you sandbox Google Chrome when there already is an instance of it running then a new instance of Google Chrome will be opened in the sandbox and hence anything you do in the first Google Chrome instance will not be sandboxed.

Things you do in Google Chrome, when you have it in the sandbox (assuming it’s fully virtualized) will stay in the sandbox as long as you do not download things to any place like the Shared Space. If you download something to the Shared Space and then use the explorer to open the file then it’s the BB that decides whether that file is going to be sandboxed or not depending on whether it is trusted or not.
However if you download lets say malware.exe to your default download location and you have not specified that location to be excluded from sandboxing, then it will be downloaded to the sandbox location and everything in that location should be sandboxed.

So basically yes it will prevent threats from getting to your REAL system, however it won’t prevent them from getting to your computer, since the virtual environment is on your computer. However (too many howevers… ) you need to pay attention and not download random stuff to the Shared Space and then running them because that is basically circumventing one of the protection the browser sandbox provides.

TimeAndroid · July 17, 2013, 2:13pm

SanyaIV post:2:

If you sandbox Google Chrome when there already is an instance of it running then a new instance of Google Chrome will be opened in the sandbox and hence anything you do in the first Google Chrome instance will not be sandboxed.

Things you do in Google Chrome, when you have it in the sandbox (assuming it’s fully virtualized) will stay in the sandbox as long as you do not download things to any place like the Shared Space. If you download something to the Shared Space and then use the explorer to open the file then it’s the BB that decides whether that file is going to be sandboxed or not depending on whether it is trusted or not.
However if you download lets say malware.exe to your default download location and you have not specified that location to be excluded from sandboxing, then it will be downloaded to the sandbox location and everything in that location should be sandboxed.

So basically yes it will prevent threats from getting to your REAL system, however it won’t prevent them from getting to your computer, since the virtual environment is on your computer. However (too many howevers… ) you need to pay attention and not download random stuff to the Shared Space and then running them because that is basically circumventing one of the protection the browser sandbox provides.

Thanks. What do you mean by “If you sandbox Google Chrome when there already is an instance of it running then a new instance of Google Chrome will be opened”? Do you mean if I already have Chrome open then I try to open sandboxed Chrome a new window of Chrome will open?

SanyaIV · July 17, 2013, 2:30pm

Yes, so you will have one window which is not sandboxed and one window which is sandboxed. Just included that so that those who do not have the border enabled pay attention so that they use the right window.

TimeAndroid · July 19, 2013, 8:58pm

Would it have any other effects like Google Chrome not syncing bookmarks, etc?

Maverick326 · July 19, 2013, 9:10pm

A sandbox is only temporary. Once you empty it then all changes are reversed. So if you bookmark someone in a sandbox it will not be there unsandboxed.

SanyaIV · July 20, 2013, 6:19am

Unless you are using synchronization, if you bookmark something in synced sandboxed chrome then it should show up in synced non-sandboxed chrome (although it might take a little time) However I’d suggest starting chrome non-sandboxed for making changes you want to be permanent.