Chrome Sandbox Change On Windows

Up until recently the renderer for Chrome tabs ran at a ‘Low Integrity’ meaning that it could only read/write to low integrity files and folders. Perhaps coincidentally (though I doubt it) after the pwnium exploits broke out of the Chrome sandbox Chrome now runs the renderer at untrusted, meaning it can only access ‘Untrusted Integrity’ files and folders.

By default there actually aren’t any areas of the Windows OS that have Untrusted integrity so this pretty much means the Chrome renderer no longer has disk access capabilities.

Google hasn’t said anything about this, which I find odd, so perhaps it’s a bug in process explorer? Doesn’t seem to be but who knows.

Either way, it’s a significant restriction if they’ve managed to do this.

Leave a Reply

Your email address will not be published. Required fields are marked *