A browser sandbox is a containment layer that isolates the browser’s tabs, renderers, and other components from the rest of the operating system. Its job is to limit what a compromised browser process can read, write, or control, even if an attacker finds a memory bug in the engine or renderer.
This matters because modern browsers execute complex, untrusted code every time a page loads. If an out-of-bounds flaw or similar bug is exploited, the sandbox helps prevent immediate access to files, credentials, devices, or other system resources. In real attacks, sandbox escape is often the next goal after initial code execution: attackers chain a browser bug with a second vulnerability or a misconfiguration to break out of confinement. Defenders rely on the sandbox as a major mitigation, but it is not a full defense on its own. Strong patching, site isolation, and least-privilege browser policies all improve its protection.



