Manage Sandboxed and Unsandboxed Plug-Ins in Chrome

Use caution when giving unsandboxed plug-ins the run of your computer

chrome unsandboxed plugins
Manage Sandboxed and Unsandboxed Plugins in Chrome. Getty Images (Tim Robberts #111035051)

Browser plug-ins are an essential component of the overall web browsing experience. They make it possible for Chrome to process Flash content and display certain popular file types such as PDF, among many other features. While plug-ins are a necessity in some scenarios, they have traditionally been one the most exploited browser elements by people with less-than-honest intentions. When you have a grasp of how Chrome handles plug-in functionality, you are less likely to be victimized.

What Are Sandboxed and Unsandboxed Plug-ins?

Google Chrome uses its internal functionality to prevent most plug-ins from having elevated access to your computer. They are sandboxed, which means they don't have free rein in your computer. They are tightly limited to providing only the feature for which you downloaded them. However, there are certain situations where direct access is necessary. Some examples are when a website needs to use a plug-in to install new software or to stream protected multimedia content, needing unhindered—and therefore unsandboxed—privileges.

Since malicious sites may seek to circumvent the sandbox to exploit vulnerabilities, it is imperative that you understand how this feature works to protect you as well as how to configure its settings to your liking. Unsandboxed plug-ins are not allowed to function in your browser without your permission.

Setting Permissions for Unsandboxed Plug-Ins

You can set Chrome never to use an unsandboxed plug-in or to notify you and then use it only with your permission. Here's how:

  1. Open your Chrome browser.
  2. Click on the Chrome menu button, represented by three vertically aligned dots in the upper right corner of your browser window.
  3. When the drop-down menu appears, select the Settings option. You can also access Chrome's settings interface by entering chrome://settings in the browser's address bar.
  4. Scroll down to the bottom of the Settings screen and click the Advanced link to open the privacy settings
  5. Click the arrow in the Content settings section.
  6. Scroll down until you locate the Unsandboxed plugin access section and click the arrow next to it.
  7. Move the slider at the top of the screen to select one of two options: Ask when a site wants to use a plugin to access your computer (recommended) or Do not allow any site to use a plugin to access your computer.

In this same screen, you can also add URLs from sites for which you always want to block or always allow plug-ins. All user-defined exceptions automatically override the option you chose at the top of the screen.