What is Browser Sandboxing

Table of Contents

With the rising popularity of web applications, there has also been an increase in security breaches, which is why CyberSecurity has become an essential part of the software development process. Several measures like Security Testing are being taken to ensure that the user data and privacy remains secure. Sandboxing is one such important technique to ensure the security of a website and computer resources. It isolates programs, preventing malicious or malfunctioning programs from damaging the rest of our computers.

For relating better, imagine a real-life sandbox. It is a set of walls that keeps all the sand inside, giving a designated space to play in and protecting the sands from the outside environment. Similarly, Browser Sandbox keeps all the user activities protected against malicious breaches, protecting the computer resources against external threats.

What is Sandboxing?

Sandboxing is the practice where an application, a web browser, or a piece of code is isolated inside a safe environment against any external security threat. The idea of sandboxing is to enhance security.

Similar to the physical sandbox at a playground where kids can create anything they want within the boundary without making a mess elsewhere, the application code is free to execute within a restricted environment in limited contact with the external environment.

For example, in a sandbox, JavaScript is free to add and modify elements on the page but might be restricted from accessing an external JSON file. This is because of a sandbox feature called same-origin.

Organizations leverage sandboxing in different ways such as Application Sandboxing, Web Browser Sandboxing, and Security Sandboxing.

What are the different types of Sandboxing?

Sandboxing can be classified into three different types:

Application Sandbox

An application sandbox allows running untrusted software in a safe location and observing it to detect any malicious components in it.

Web Browser Sandbox

A web browser sandbox allows running web applications in isolated environments to block any browser-based malware from spreading to the network.

Security Sandbox

A security sandbox lets you observe and analyze threats in an isolated and safe environment.

Why is Sandboxing Essential?

Sandbox provides a tightly controlled environment for programs to run. In Sandboxing, the scope of action for a code is limited, providing it just the permissions it needs to function, without adding additional permissions that could be abused.

For example, a web browser essentially runs web pages we visit in a sandbox. They’re restricted to running in our browser and accessing a limited set of resources — they can’t view our webcam without permission or read our computer’s local files. If the websites visited weren’t sandboxed and isolated from the rest of the system, then visiting any malicious website would be as bad as installing a virus directly.

What is Browser Sandboxing?

Browser Sandboxing is a security model that works by physically isolating Internet users’ browsing activity from the infrastructure, local computers, and networks. There are two main browser isolation techniques:

Local browser isolation works by running the browser in a container or virtual machine.
Remote browser isolation involves running a browser on an organization-hosted or cloud-based server such as BrowserStack, which allows the users to browse web applications in a cloud-based environment.

Local Browser Isolation: Virtual Browser

Virtual browsers run the websites in an isolated environment, acting as a protective barrier between external threats on web and user machines connected to a corporate network. In such as case, if the user visits any malicious site or downloads a malicious file, these threats are unable to reach the endpoint.

Virtual browsers significantly improve security and allow organizations to leverage old and unsupported versions of browsers.

Remote Browser Isolation (RBI)

Remote browser Isolation is sandboxing that can be hosted over the cloud by an organization or by third-party providers. As users browse the Internet, the remote server starts a browser in a container to keep it safe from the external environment.

Remote isolation is expensive as it requires the allocation of resources for running a large volume of containerized browsers. But using third-party providers can be cost-effective.

Test on Secured Real Device Cloud for Free

Sandboxing with different browsers

Most of the browsers already have a sandbox to enhance your computer protection. Let’s see how it differs regarding different types of web browsers.

Firefox Sandbox

To protect your computer against any malicious activity, Firefox runs any kind of untrusted code in a sandbox. Firefox runs the code in two parts i.e. the Parent and the Child processes. While browsing the internet, all the untrusted processes are run in the Firefox sandbox.

This activity helps limit the contamination from any malware in case any suspicious activity occurs. The Parent part of the code mediates between the computer resources and the child processes that are run in the Sandbox. This way the computer resources are not fully exposed to the code.

However, users can alter the strictness or ease of the sandboxing level in Firefox. When the Sandbox runs at Level 0, Firefox is least restrictive in nature, while at level 2, it stands balanced. At level 3, Firefox behaves to be very restrictive. To check the Sandboxing level of Firefox in use, enter the following command in the address bar of Firefox

about:config

This returns the Firefox configurable variables on the webpage. Upon this, press CTRL+F when the cursor is placed on the config page. Enter the following command in the Find input field box

security.sandbox.content.level

This function returns the value of the current sandboxing level of Firefox.

Chromium Browser Sandbox

Chromium Browser Sandbox is used by both Microsoft Edge and Google Chrome browsers. It is similar to that of Firefox Browser Sandbox.

It also runs in two parts just as Firefox Sandbox. These parts run the broker process and the target process of the code. While, the parent process here, is termed as broker process, the child processes are named as target processes. All codes that are run by the target processes run within the sandbox. The broker process acts as a mediator between the child process and computer resources to maintain the required supply of the resources.

Microsoft Edge Sandbox

On starting the Windows 10 Sandbox, you will get a new desktop with only Recycle Bin and Edge shortcuts. It shows Start Menu and other icons. However, these icons don’t really work in the sandboxed environment. It is recommended to open them in the main Windows 10 instead of sandboxed Windows 10.

Run Edge from the sandboxed Windows 10 environment to ensure maximum security while browsing. Once the sandbox is closed, no one can trace your browsing activities. However, your ISP might create a log of the activities, but no one can check the activities performed using Edge in the sandbox. If any website downloads malware to your system, the malware too would disappear upon closing the sandbox.

Note: In Windows 10 Pro and above editions, you can use Windows Sandbox for running Microsoft Edge.

How to turn off Google Chrome Sandbox?

To turn off the Google Chrome Sandbox, right-click on its icon. Click on Properties and then on the Shortcut tab in the dialog box.
Add the following to the app path shown in the Target:

--no-sandbox

Post this, whenever you click the Chrome icon, it will load Chrome without a sandbox.

Browser Sandboxing using third-party tools

Creating a sandbox using third-party tools such as Sandboxie is possible without using the browser. Just turn on the sandbox program being used and when the sandbox is created, you can install the browsers. It is important to know that once the sandboxing is closed, all the contents of the sandbox are cleared.

Hence, in case you want to use Firefox again in a sandbox, you will have to create a sandbox and install it again.

Beyond Browser Sandboxing: Test on Secured Real Device Cloud

However, one must understand that using a sandboxed environment for browsers won’t make it 100% safe. It may happen that some parts of the browser extend beyond the sandbox, especially if they are still using Flash and ActiveX elements. These can still be compromised, and cybercriminals can access the computers. But, it is essential to adopt the best possible ways to safeguard applications, and Sandboxing is definitely one of those ways.

Using a secure Real Device Cloud for testing web applications is a way to ensure complete security. BrowserStack’s Real Device Cloud follows standard security protocols and compliances like SOC2 Type2, where the web application cannot be compromised by any external attacks. Besides, one can test the applications on all the versions of browsers that too under real user conditions on devices across different platforms.

Let’s see an example of testing a web application, gmail.com through BrowserStack Live.

Go to BrowserStack Live and Sign in.
Select your desired OS and the browser. With BrowserStack Live you can choose to run your tests across iOS, Android, Windows, etc, and can choose any of the available browser versions too. In this case, I am opting for Windows 10 and Chrome Browser of the latest version.
On selecting the OS and browser type, you will see a screen as shown below.
Once the session starts, you can use it as a normal browser.
Enter the URL of the application you want to test under secured browser
You can also use any of the available options from the toolbar to switch the browser or change the resolution or simply minimize it.