105

I'm running Chromium like so : chromium --no-sandbox

I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.

Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?

Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?

What if I locked browsing down to only a handful of "trusted" sites? (Gmail, stackexchange (ofcourse), and facebook)

Improve this question
5
  • 10
    Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
    – Runium
    Commented Mar 22, 2013 at 19:46
  • Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
    – capdragon
    Commented Mar 22, 2013 at 20:08
  • 1
    I suppose I should use xmarks then.
    – capdragon
    Commented Mar 22, 2013 at 20:20
  • @Sukminder Please enter your comment as an answer so I can give you credit.
    – capdragon
    Commented Mar 22, 2013 at 20:21
  • Current sandbox docs: chromium.googlesource.com/chromium/src/+/master/docs/design/…
    – Brent Bradburn
    Commented Sep 26, 2019 at 18:46

2 Answers 2

Reset to default
41

I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –

Hopefully, this sheds some light on the topic of sandbox:

tl;dr: The sandbox removes unnecessary privileges from the processes that don't need them in Chrome for security purposes. Disabling the sandbox makes your PC more vulnerable to exploits via web pages, so Google doesn't recommend it.

As stated, Google recommends using another browser rather than using Chrome without a sandbox. And then obviously understood as if one can fix it, then that would be preferred ;)

Improve this answer
0
0

For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html

Extract the file - you will get a folder called chromium-linux

Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).

Run these four commands individually:

sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapper

When I do that, I am good to go.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .