98

I'm running Chromium like so : chromium --no-sandbox

I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.

Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?

Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?

What if I locked browsing down to only a handful of "trusted" sites? (Gmail, stackexchange (ofcourse), and facebook)

jasonwryan
  • 73,126
capdragon
  • 1,187

2 Answers2

38

I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –

Hopefully, this sheds some light on the topic of sandbox:

tl;dr: The sandbox removes unnecessary privileges from the processes that don't need them in Chrome for security purposes. Disabling the sandbox makes your PC more vulnerable to exploits via web pages, so Google doesn't recommend it.

As stated, Google recommends using another browser rather than using Chrome without a sandbox. And then obviously understood as if one can fix it, then that would be preferred ;)

Kusalananda
  • 333,661
Runium
  • 28,811
0

For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html

Extract the file - you will get a folder called chromium-linux

Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).

Run these four commands individually:

sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapper

When I do that, I am good to go.

jasonwryan
  • 73,126
lyle fairfield
  • 21