Chrome strengthens security on Windows: Network Service gets its own sandbox

Google aims to prevent unauthorized code

News

Reading time icon 3 min. read

Calendar icon Published on

by Venkat 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Google is taking Chrome security to the next level on Windows by adding an extra layer of protection to the Network Service. This crucial background process, responsible for all your internet connections in Chrome, will be placed in a special sandbox environment.

This isolation aims to prevent harmful third-party code from tampering with the service, potentially enhancing your browsing security. Google is planning to introduce this security enhancement to the public with Chrome 122.

What is Network Service and what does it do?

The Network Service is an important background process that handles network connections and data in Chrome. It works tirelessly behind the scenes to:

  • Download website content like text, images, and videos.
  • Establish and maintain connections to websites you visit.
  • Handle data transfers smoothly and efficiently.
  • Perform various network-related tasks.

Google Sandboxes Chrome’s Network Service on Windows

While Chrome already runs in a sandbox, Google is taking additional steps to isolate the Network Service further. This sandbox within a sandbox approach creates an even more secure environment, making it harder for malicious actors to exploit vulnerabilities and compromise your data.

Benefits of Sandboxing the Network Service:

Enhanced Security: By isolating the Network Service, Google aims to prevent unauthorized code from interacting with it, potentially mitigating security risks and data breaches.
Improved Reliability: Sandboxing can protect the Network Service from unexpected crashes or errors, leading to a more stable and reliable browsing experience.

To improve security and reliability, the Network Service, already running in its own process, will be sandboxed on Windows. As part of this, third-party code that is currently able to tamper with the Network Service may be prevented from doing so.

Checking the Network Service Sandbox Status:

While this feature is still in its testing phase, you can check if your Network Service is sandboxed in Chrome 122 or later by following these steps:

  1. Open Chrome and navigate to chrome://sandbox.
  2. Look for “Network Service.”
  3. If it shows “Sandbox: Not Sandboxed,” it’s currently not isolated.
  4. If it shows “Sandbox: Network,” it’s running inside a Windows App Container, indicating active sandboxing. You can click the “+” icon for more details.

Google plans to enable Network Service sandboxing on Windows with Chrome 122. However, currently, this feature is not user-enabled and requires running Chrome with specific command-line switches:**

To enable it: --enable-features=NetworkServiceSandbox
To disable it: --disable-features=NetworkServiceSandbox

It’s important to note that you may not directly see or feel any immediate effects on your browsing experience with this change.

We recently reported on Chrome’s new security setting for controlling V8 optimizations. You might be interested in reading it.

More about the topics: Google Chrome

Venkat

Venkat Shield

Tech Journalist

Venkat, an experienced tech writer from India, specializes in uncovering new web browser features and tech trends. His work bridges the gap between technology and its users, making the digital world more accessible.