Manage Sandboxed and Unsandboxed Plugins in Chrome

chrome unsandboxed plugins
Manage Sandboxed and Unsandboxed Plugins in Chrome. Getty Images (Tim Robberts #111035051)

This tutorial is only intended for users running the Google Chrome browser on Chrome OS, LinuxMac OS X, or Windows operating systems.

Browser plugins are an essential component of the overall Web experience, giving Chrome the ability to process content like Flash and display certain popular file types such as PDF. While a necessity in some scenarios, plugins have traditionally been one the most exploited browser elements by those with less-than-honest intentions.

Because of these inherent vulnerabilities, having a grasp of how Chrome handles their functionality is crucial. This tutorial details the ins and outs of Chrome plugins.

First, open your Chrome browser. Click on the Chrome menu button, represented by three horizontal lines and located in the upper right-hand corner of your browser window. When the drop-down menu appears, select the Settings option. You can also access Chrome's settings interface by entering the following text in the browser's Omnibox, also known as the address barchrome://settings

Chrome's Settings should now be displayed in a new tab. Scroll down, if necessary, to the bottom of the screen. Next, click on the Show advanced settings link. Your browser's Privacy settings should now be visible. Select the Content settings...button, found directly below the section header. Chrome's Content settings pop-up window should now be displayed.

Scroll down until you locate the Plug-ins section, containing three options each accompanied by a radio button. They are as follows.

  • Run all plugin content: This option instructs Chrome to run all active plugins, with the exception of those that are not up-to-date. Although this may seem like a security risk the browser executes plugins in a virtual sandbox, preventing them from being exploited for nefarious purposes. For more information about unsandboxed plugins, continue reading below.
  • Detect and run important plugin content: Enabled by default, this setting instructs Chrome to only automatically run those plugins deemed important. Other plugins would still require manual intervention to be executed.
  • Let me choose when to run plugin content: The most restrictive of the three options, manual intervention is required to run any and all plugins.

To allow or block specific plugins from running within Chrome, click on the Manage exceptions button. All user-defined exceptions automatically override the above settings.

At the bottom of the Plugins section is a link labeled Manage individual plugins. Clicking on this link opens a new tab displaying all plugins currently installed in your Chrome browser, each accompanied by its title and related information. To view more in-depth information about each, click on the Details link found in the upper right-hand corner of the screen. Also accompanying each plugin is an Enable/Disable link, which allows you to easily toggle its functionality off and on at will. If you wish for a particular plugin to always be available to the browser, no matter the situation, place a check mark next to the Always allowed option.

For more information on disabling Chrome extensions and plugins, visit this related tutorial.

Unsandboxed Plugins

While Google Chrome uses its internal sandboxing functionality to prevent most plugins from having elevated access to your computer, there are certain situations where direct access is required. Some examples are when a website needs to utilize a plugin to install new software or to stream protected multimedia content, needing unhindered - and therefore unsandboxed - privileges.

Since malicious sites may seek to circumvent the sandbox to exploit vulnerabilities, it is imperative that you understand how this feature works to protect you as well as how to configure its settings to your liking.

First, return to Chrome's Content settings pop-up window. Scroll down until you locate the Unsandboxed plugin access section, containing the following three options each accompanied by a radio button.

  • Allow all sites to use a plugin to access your computer: When enabled, this setting allows any and all websites to access your computer with unsandboxed plugins. Under no circumstance is it recommended that you enable this option, unless you are an advanced user and have a very specific need to do so.
  • Ask when a site wants to use a plugin to access your computer (recommended): The recommended setting, enabled by default, this option will prompt you each time a website attempts to utilize an unsandboxed plugin.​​
  • Do not allow any sites to use a plugin to access your computer: The most restrictive of the three options, this setting causes Chrome to block all unsandboxed plugin execution - with the exception of those running on websites found within the related whitelist. To access and add/delete sites from this list, click on the Manage exceptions button.
Was this page helpful?