Browser Sandbox
What is Browser Sandbox?
Browser Sandbox: An OS-level isolation layer that confines a browser's renderer and helper processes so that compromised web code cannot read the file system or other applications.
A browser sandbox is the set of operating-system mechanisms that the browser process uses to constrain less-trusted child processes — renderers, GPU process, plugins, network service — to a minimal set of capabilities. Chromium uses Windows job objects and integrity levels, macOS Seatbelt, and Linux seccomp-bpf plus namespaces; Firefox uses similar primitives. Even if attacker JavaScript or a renderer-level memory corruption succeeds, the sandbox prevents arbitrary file access, command execution, or interaction with other processes without an additional sandbox escape. Together with Site Isolation, the sandbox is the modern browser's primary defense against drive-by exploits, and is regularly stress-tested at Pwn2Own where a full sandbox-escape chain is required to win.
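As an added illustration (not code from the page, nor from Chromium or Firefox): a minimal Linux seccomp-bpf filter, one of the primitives named above, that denies the file-open syscalls so that a later open() in the sandboxed process fails with EPERM. It assumes a Linux host that permits unprivileged seccomp filters; real renderer sandboxes pair an allow-list of syscalls with namespaces rather than this small deny-list.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* If the loaded syscall number equals nr, return EPERM; else skip ahead. */
#define DENY_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))
/* Install a filter denying file-open syscalls for this thread and its future
 * children. Returns 0 on success, -1 if the kernel or container policy refuses
 * (errno set). Linux-only; once installed the filter cannot be removed. */
int install_no_open_filter(void)
{
    struct sock_filter prog[] = {
        /* Load the syscall number, then compare it against the deny list. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY_SYSCALL(__NR_openat),
#ifdef __NR_open                 /* absent on arm64, where only openat exists */
        DENY_SYSCALL(__NR_open),
#endif
        /* Everything else passes; a real renderer sandbox uses an allow-list. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = (unsigned short)(sizeof(prog) / sizeof(prog[0])),
                                .filter = prog };
    /* Unprivileged processes must first forbid privilege gain via exec. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0 ? 0 : -1;
}
/* Attempt a read-only open. Returns 0 if it succeeded, otherwise the errno. */
int try_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { close(fd); return 0; }
    return errno;
}
int main(void)
{
    printf("before filter: try_open -> %d\n", try_open("/etc/hostname"));
    if (install_no_open_filter() != 0) { perror("seccomp"); return 1; }
    printf("after filter:  try_open -> %d (EPERM is %d)\n", try_open("/etc/hostname"), EPERM);
    return 0;
}
```

The filter is evaluated before path lookup, so even a non-existent path reports EPERM rather than ENOENT once it is active.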
● Examples
- 01
Chrome renderer running as a low-integrity job object with token restrictions on Windows.
- 02
Pwn2Own contestants chaining a renderer RCE with a sandbox escape to gain full code execution.
● Frequently asked questions
What is Browser Sandbox?
An OS-level isolation layer that confines a browser's renderer and helper processes so that compromised web code cannot read the file system or other applications. It belongs to the Application Security category of cybersecurity.
How does a Browser Sandbox fit into a defence?
A browser sandbox is itself a defensive control: it combines the technical mechanisms described in the full definition above (restricted child processes, OS-level isolation primitives, Site Isolation) with the operational practice of keeping those layers in place and current, so that a renderer compromise still requires a separate sandbox escape.
What are other names for Browser Sandbox?
Common alternative names include: Renderer sandbox.
● Related terms
- appsec № 1051
Site Isolation
A Chromium security architecture that places documents from different sites into separate operating-system processes so a compromised renderer cannot read cross-site data.
- defense-ops № 964
Sandbox Escape
A vulnerability or exploit chain that lets code break out of an isolating sandbox — browser, VM, or hypervisor — to gain code execution in the surrounding host environment.
- appsec № 1182
Type Confusion Vulnerability
A memory-safety bug where code accesses an object using a type incompatible with its real allocation, often enabling arbitrary read, write, or code execution.
- vulnerabilities № 1193
Use-After-Free
A memory-safety bug where a program continues to use memory after it has been freed, often allowing attackers to control object state and hijack execution.
- appsec № 1075
Speculative Execution Side Channel
A microarchitectural vulnerability class where CPUs leak data through caches and predictors after executing instructions speculatively along paths that should not have run.
- appsec № 516
iframe sandbox
HTML attribute that applies extra restrictions to an iframe's content, blocking scripts, forms, navigation, and same-origin access unless explicitly re-enabled.
● See also
- № 564 JIT Spray
- № 646 Malicious Browser Extension
- № 808 PDF Exploit