This document summarises the sandboxes used for different processes or services in Chrome. This informs the severity of security issues in different processes. Security issues are triaged based on the least-sandboxed platform where an issue occurs. Some processes may be sandboxed but contain important credentials or cross-origin data, for this table they count as being sandboxed.
This table will be updated to track the default configuration of the Stable Chrome channel (i.e. 100% of clients adopt the tighter configuration).
The utility process type hosts several services with different sandboxing
requirements. Find the sandbox used by a utility by finding the
ServiceSandbox attribute used in
its main mojo service.
Last updated for M128.
| Process / Service | Platform(s) | Sandbox |
|---|---|---|
| Browser | all | unsandboxed |
| Network | Android, Windows, Linux | unsandboxed |
| GPU | Android, non-ChromeOS Linux | unsandboxed |
| On Device Model Execution | Android, non-ChromeOS Linux | unsandboxed |
| Video Capture | non-Fuchsia | unsandboxed |
| kNoSandbox | all | unsandboxed |
| kNoSandboxAndElevatedPrivileges | Windows | Elevated |
- kNetwork (Fuchsia, Mac)
- kGpu (Fuchsia, Mac, Windows, ChromeOS)
- kVideoCapture (Fuchsia)
- kRenderer (renderer, extensions, PDF renderers)
- kUtility
- kService
- kServiceWithJit
- kAudio
- kOnDeviceModelExecution
- kCdm
- kPrintCompositor
- kSpeechRecognition
- kScreenAI
- kPpapi
- kPrintBackend
- kVideoCapture (Fuchsia only)
- kIconReader (Windows only)
- kMediaFoundationCdm (Windows only)
- kPdfConversion (Windows only)
- kXrCompositing (Windows only)
- kWindowsSystemProxyResolver (Windows only)
- kHardwareVideoDecoding (Linux & Ash)
- kHardwareVideoEncoding (Linux & Ash)
- kIme (Ash only)
- kTts (Ash only)
- kLibassistant (Ash only)
- kNearby (Ash only)
- kMirroring (MacOS only)