Sandbox Subsystem
Process isolation and privilege restriction enforced by the native OS kernel, plus a brokered IPC channel through which the restricted processes request everything they are no longer permitted to do themselves.
Defense Mechanisms
Unprivileged Accounts
Renderer and GPU processes are spawned under a dedicated, restricted user ID rather than the user's own account, so at the POSIX layer a compromised process holds no `root` privileges and has no standing to acquire them through `sudo`. The UID alone is only discretionary access control: it keeps the process out of the user's files, while the namespace jail, the seccomp-BPF filter and the capability drop below take away the rest of the system.
Chroot / Namespace Jails
Mount, PID, network and IPC namespaces are unshared, so the renderer sees none of the host's mounts, processes, network interfaces or IPC objects. Its root is an empty directory: there is no `/etc`, no host `/proc` and no device nodes, so a path-based open of anything sensitive fails with `ENOENT` before any permission check is even consulted. Every file the renderer legitimately needs arrives as a descriptor from the browser process over IPC.
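The jail described above, as an added example in C (not the project's own sandbox code): a helper forks, unshares user, mount, PID, network and IPC namespaces, maps its own uid to an unprivileged id inside the new user namespace (65534 is an assumption), chroots into an empty directory, then forks once more so the next process is PID 1 of the new namespace; that inner process reports what it can see. It assumes a Linux kernel that permits unprivileged user namespaces and a writable `/tmp`; where the kernel or a container policy refuses, `jail_probe()` returns -1 rather than faking a result.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <net/if.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define JAIL_UID 65534   /* assumed "nobody"-style id the renderer sees for itself */

/* Observations a jailed process can make about its own world (bit flags). */
enum { SAW_PID1 = 1, SAW_JAIL_UID = 2, SAW_NO_ETC = 4, SAW_ONLY_LO = 8 };
#define JAIL_ALL (SAW_PID1 | SAW_JAIL_UID | SAW_NO_ETC | SAW_ONLY_LO)

/* Write our own uid_map: an unprivileged process may map exactly one id,
 * its own outer uid, to any id it likes inside the new user namespace. */
static int map_self_to(uid_t inside, uid_t outside) {
    char buf[64];
    int n = snprintf(buf, sizeof buf, "%u %u 1\n", (unsigned)inside, (unsigned)outside);
    int fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    int ok = write(fd, buf, n) == n;
    close(fd);
    return ok ? 0 : -1;
}

/* Build the jail in the calling process: fresh user, mount, PID, network and
 * IPC namespaces, then chroot into an empty directory. Returns 0 or -1. */
static int enter_jail(const char *empty_dir) {
    uid_t outer = getuid();
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC) != 0)
        return -1;
    if (map_self_to(JAIL_UID, outer) != 0) return -1;
    /* CAP_SYS_CHROOT is held inside the new user namespace, so no root is needed. */
    if (chroot(empty_dir) != 0 || chdir("/") != 0) return -1;
    return 0;
}

/* What the first process born inside the jail can see. */
static int probe_from_inside(void) {
    int seen = 0;
    if (getpid() == 1) seen |= SAW_PID1;                 /* new PID namespace */
    if (getuid() == JAIL_UID) seen |= SAW_JAIL_UID;      /* mapped identity */
    if (open("/etc/passwd", O_RDONLY) < 0 && errno == ENOENT)
        seen |= SAW_NO_ETC;                              /* empty chroot */
    struct if_nameindex *ifs = if_nameindex();            /* new net namespace */
    if (ifs && ifs[0].if_index != 0 && ifs[1].if_index == 0 && strcmp(ifs[0].if_name, "lo") == 0)
        seen |= SAW_ONLY_LO;
    if (ifs) if_freenameindex(ifs);
    return seen;
}

/* Fork a helper, jail it, fork again (the new PID namespace applies only to
 * children created after unshare) and collect the flags the inner process saw.
 * Returns JAIL_ALL (15) when every isolation layer is in effect, -1 if this
 * kernel or container refuses unprivileged user namespaces, -2 otherwise. */
int jail_probe(void) {
    char dir[] = "/tmp/jail-XXXXXX";   /* constructed empty root for the chroot */
    if (!mkdtemp(dir)) return -2;
    pid_t pid = fork();
    if (pid == 0) {
        if (enter_jail(dir) != 0) _exit(42);
        pid_t inner = fork();
        if (inner == 0) _exit(probe_from_inside());
        int st;
        waitpid(inner, &st, 0);
        _exit(WIFEXITED(st) ? WEXITSTATUS(st) : 43);
    }
    int st;
    waitpid(pid, &st, 0);
    rmdir(dir);
    if (!WIFEXITED(st)) return -2;
    int code = WEXITSTATUS(st);
    return code == 42 ? -1 : (code == 43 ? -2 : code);
}

int main(void) {
    printf("jail_probe() = %d (expect %d when jailed)\n", jail_probe(), JAIL_ALL);
    return 0;
}
```

A process that sees itself as PID 1 and uid 65534, finds no `/etc/passwd` and only a loopback interface has lost every ambient handle on the host; anything it still needs has to arrive over a socket its parent hands it.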
Seccomp-BPF Filtering
Strict system-call allowlisting. The filter enumerates the few syscalls a renderer needs and treats everything else as a violation, so a compromised renderer cannot invoke dangerous syscalls such as `execve` or `ptrace`. The policy's default action is to kill rather than to return an error, so the kernel terminates the process with `SIGSYS` on the first disallowed call and an attacker gets no chance to probe around the filter. Because the same syscall number names a different call under the 32-bit/compat ABI, the policy has to match on the architecture field before it looks at the syscall number.
Capabilities Dropping
Linux (POSIX.1e) capabilities such as `CAP_SYS_ADMIN` and `CAP_NET_RAW` are dropped from every thread of the sandboxed process (capabilities are per-thread state on Linux, so the drop has to happen before any worker threads are created), removing access to raw sockets and administrative operations. Removing them from the bounding set as well, rather than only from the effective and permitted sets, means they cannot be regained by executing a setuid or file-capability binary.
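The seccomp-BPF allowlist and the capability drop together, as an added C example rather than the project's own policy: a forked child removes capabilities from its bounding set where it is permitted to, sets `no_new_privs`, installs a small allowlist filter whose first instruction checks the syscall architecture, and then either exits cleanly or attempts `ptrace(PTRACE_TRACEME)`. The five allowed syscalls and the x86-64/AArch64 architecture constants are assumptions for the demonstration; a real renderer policy is far larger.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/capability.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS 0x80000000U   /* older headers: kernel treats it as KILL */
#endif

#define ALLOW_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Allowlist policy: anything not named here kills the process with SIGSYS.
 * The architecture check comes first so the compat ABI cannot be used to
 * smuggle a different syscall in under an allowed number. */
static struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW_SYSCALL(SYS_read),
    ALLOW_SYSCALL(SYS_write),
    ALLOW_SYSCALL(SYS_exit),
    ALLOW_SYSCALL(SYS_exit_group),
    ALLOW_SYSCALL(SYS_rt_sigreturn),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),   /* execve, ptrace, ... */
};

/* Best effort: removing caps from the bounding set needs CAP_SETPCAP, which an
 * already-unprivileged process lacks; no_new_privs (set below) then guarantees
 * that setuid or file-capability binaries cannot hand capabilities back either. */
static void drop_bounding_set(void) {
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++)
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == -1 && errno == EPERM)
            return;
}

/* Returns 0 on success, -1 if this kernel or container refuses seccomp filters. */
static int lock_down(void) {
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    drop_bounding_set();
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/* Fork a child, lock it down, then optionally have it try a forbidden syscall.
 * Returns 1 = child killed by SIGSYS, 0 = child exited cleanly,
 *        -1 = seccomp unavailable here, -2 = unexpected outcome. */
int run_locked_down(int attempt_ptrace) {
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        if (lock_down() != 0) _exit(42);
        if (attempt_ptrace)
            syscall(SYS_ptrace, PTRACE_TRACEME, 0, 0, 0);  /* never returns: SIGSYS */
        _exit(0);                                           /* exit_group is allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -2;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    if (!WIFEXITED(status)) return -2;
    if (WEXITSTATUS(status) == 0) return 0;
    return WEXITSTATUS(status) == 42 ? -1 : -2;
}

int main(void) {
    printf("allowed path:   %d\n", run_locked_down(0));
    printf("ptrace attempt: %d\n", run_locked_down(1));
    return 0;
}
```

The parent reads the outcome from `waitpid()`: a clean exit for the allowed path, termination by `SIGSYS` for the forbidden one. If the kernel or container refuses to install filters, `run_locked_down()` returns -1 instead of pretending the child was sandboxed, which is the check a launcher should make before trusting the jail.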
Secure IPC Bridging
Everything the jailed renderer can no longer do itself (open a file, reach the network, touch a camera) becomes a request to the browser process. A broker validates each request against the origin's permissions and the page's policy before the privileged side acts on it, so the trust boundary is the IPC channel, not the renderer.
        Compromised Web Content (RCE in V8/WebCore)
                            │
                            ▼
┌────────────────────────────────────────────────────────┐
│ Renderer Process                                       │
│ [Namespace Jail] [Seccomp-BPF] [Dropped Caps]          │
└───────────────────────────┬────────────────────────────┘
                            │
┌───────────────────────────▼────────────────────────────┐
│ IPC Broker                                             │
│ Validates all requests:                                │
│   1. Does this origin have camera permissions?         │
│   2. Is this network request allowed by CSP/CORS?      │
│   3. Reject arbitrary file read (`/etc/passwd`)!       │
└───────────────────────────┬────────────────────────────┘
                            │
┌───────────────────────────▼────────────────────────────┐
│ Browser Process (Privileged)                           │
│ Executes safe requests via Native OS API               │
└────────────────────────────────────────────────────────┘
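The broker in the diagram, as an added C example that is not the project's IPC implementation: a renderer-side process asks a broker process over a `socketpair()` to open a file read-only; the broker rejects anything outside an allowed root (rule 3 above), resolves symlinks and re-checks the real target, opens the file itself and passes only the descriptor back with `SCM_RIGHTS`. The wire format, the allowed-root policy and the `/tmp` sample tree are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical wire format between renderer and broker (assumed for this example). */
struct open_req   { char path[512]; };
struct open_reply { int err; };  /* 0 = descriptor attached via SCM_RIGHTS, else an errno */

/* Lexical policy: absolute, under allowed_root (given without trailing slash), and no
 * "." or ".." components, so "<root>/../etc/passwd" is refused before touching the FS. */
int broker_check_path(const char *allowed_root, const char *path) {
    size_t rl = strlen(allowed_root);
    if (path[0] != '/' || strncmp(path, allowed_root, rl) != 0 || path[rl] != '/')
        return -1;                                   /* also rejects "<root>evil/x" */
    for (const char *p = path, *end; *p; p = end) {
        while (*p == '/') p++;
        for (end = p; *end && *end != '/'; end++) ;
        size_t n = (size_t)(end - p);
        if ((n == 1 && p[0] == '.') || (n == 2 && p[0] == '.' && p[1] == '.')) return -1;
    }
    return 0;
}
/* Reply plus, when fd >= 0, the descriptor itself as SCM_RIGHTS ancillary data. */
static int send_reply(int sock, struct open_reply *rep, int fd) {
    struct iovec iov = { rep, sizeof *rep };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    memset(cbuf, 0, sizeof cbuf);
    if (fd >= 0) {
        msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) < 0 ? -1 : 0;
}
static int recv_reply(int sock, struct open_reply *rep) {
    struct iovec iov = { rep, sizeof *rep };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    int fd = -1;
    if (recvmsg(sock, &msg, 0) <= 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Broker side: validate, open on the renderer's behalf, hand only the descriptor back. */
static void broker_serve_one(int sock, const char *allowed_root) {
    struct open_req req; struct open_reply rep = { 0 };
    char resolved[PATH_MAX]; int fd = -1;
    if (read(sock, &req, sizeof req) != (ssize_t)sizeof req) return;
    req.path[sizeof req.path - 1] = '\0';
    if (broker_check_path(allowed_root, req.path) != 0)
        rep.err = EACCES;
    else if (!realpath(req.path, resolved))            /* follow symlinks, then ... */
        rep.err = errno;
    else if (broker_check_path(allowed_root, resolved) != 0)
        rep.err = EACCES;                              /* ... re-check the real target */
    else if ((fd = open(resolved, O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) < 0)
        rep.err = errno;
    /* Caveat: realpath-then-open races a renaming attacker; production brokers use
     * openat2(RESOLVE_BENEATH) or verify the opened descriptor with fstat(). */
    send_reply(sock, &rep, fd);
    if (fd >= 0) close(fd);
}
/* One request end to end: broker in a child process, the renderer's side here.
 * Returns the descriptor handed over, or -errno carrying the broker's decision. */
int demo_request(const char *allowed_root, const char *path) {
    int sv[2], fd = -1;
    struct open_req req = { { 0 } }; struct open_reply rep = { EIO };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -errno;
    pid_t pid = fork();
    if (pid == 0) { close(sv[0]); broker_serve_one(sv[1], allowed_root); _exit(0); }
    close(sv[1]);
    strncpy(req.path, path, sizeof req.path - 1);     /* the renderer has no FS: it asks */
    if (write(sv[0], &req, sizeof req) == (ssize_t)sizeof req) fd = recv_reply(sv[0], &rep);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    if (rep.err == 0 && fd >= 0) return fd;
    if (fd >= 0) close(fd);
    return rep.err ? -rep.err : -EIO;
}
/* Constructed sample: a file inside a temporary allowed root. Returns 1 if the
 * broker handed over a descriptor that reads back the expected content. */
int demo_allowed(void) {
    char root[] = "/tmp/sbx-XXXXXX", file[64], buf[32] = { 0 };
    if (!mkdtemp(root)) return 0;
    snprintf(file, sizeof file, "%s/page.html", root);
    int fd = open(file, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "<html>ok</html>", 15) != 15) return 0;
    close(fd);
    fd = demo_request(root, file);
    int ok = fd >= 0 && read(fd, buf, sizeof buf - 1) == 15 && strcmp(buf, "<html>ok</html>") == 0;
    if (fd >= 0) close(fd);
    unlink(file); rmdir(root);
    return ok;
}
```

The renderer never receives a path it could open itself, only a descriptor the broker chose to grant: `demo_request("/srv/sandbox", "/etc/passwd")` comes back as `-EACCES`, as does a traversal attempt under the allowed root, while a file that is genuinely inside the root arrives as a readable fd.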