Through JavaScript, is there a way I can detect whether or not the Chrome browser is running with --no-sandbox or if it is running with the sandbox enabled?
CodePudding user response:
From a V8 perspective: V8 doesn't know anything about Chrome's sandbox, so this isn't a V8 question. (Dropping the tag.)
From a Chrome perspective: I sure hope that there is no way to detect that. If there is, that would likely qualify as a security bug. So if you find a way, you may receive a bounty if you submit it at crbug.com/new. Then again you probably already know that, since running without the sandbox is only relevant if you've already found some other exploit... On the flipside, that means that there's an indirect way to detect it: using the exploit you already have, try accessing the file system. If that works, the sandbox was off.