Stack Exchange Network

Stack Exchange network consists of 181 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It only takes a minute to sign up.

Sign up to join this community

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I'm running Chromium like so : chromium --no-sandbox

I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.

Though I keep reading this is terrible . But I want to know why exactly. Can someone please explain it to me?

Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?

What if I locked browsing down to only a handful of "trusted" sites? (Gmail, stackexchange (ofcourse), and facebook)

Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc . Google themselves recommend using another browser then using Chrome without sandbox. Tried opera ? – Runium Mar 22, 2013 at 19:46 Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome. – capdragon Mar 22, 2013 at 20:08

I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –

Hopefully this shed some light on the topic of sandbox :

Quick introduction to Chrome's sandbox.

More in depth design document . With internal links to FAQ, etc.

And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)

tl;dr: the sandbox removes unnecessary privileges from the processes that don't need them in Chrome, for security purposes. Disabling the sandbox makes your PC more vulnerable to exploits via webpages, so Google don't recommend it – Steve Apr 10, 2019 at 7:32 Short version: If you are using this option for example for testing and you know the url you are testing is safe (is your application) then it is perfectly safe to use it. Just don't use it for browsing on porn sites. – mojmir.novak Dec 13, 2021 at 13:21

For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html

Extract the file - you will get a folder called chromium-linux

Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).

Run these four commands individually:

sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapper

When I do that, I am good to go.