How to manage unsandboxed plugins on your Chromebook

Tired of Chrome OS asking you if you want to allow an unsandboxed plugin to run? Jack Wallen shows you how to blacklist and whitelist URLs and Domains.

Learn how to manage unsandboxed plugins on your Chromebook Tired of Chrome OS asking you if you want to allow an unsandboxed plugin to run? Jack Wallen shows you how to blacklist and whitelist URLs and Domains.

Chrome OS uses a special subsystem to help prevent most plugins from gaining elevated permissions. Should the wrong plugin gain such permissions, bad things could ensue. That's a pretty good first line of defense. After all, plugins can be a glaring hole in system security. Remember, it's the browser plugin that allows (or disallows) the likes of Javascript and Flash content. Chrome OS does this by sandboxing all plugins. By confining plugins to a sandbox, they are prevented from having free access to your entire system (and the data contained within).

However, there are instances where you need to allow a plugin full access. Say, for instance, when a plugin needs to install a necessary piece of software so that a website can function properly. If said plugin is fully sandboxed, that installation won't be allowed.

Out of the box Chrome OS is set to ask you when a site wants to use a plugin to access your computer. That's a fairly safe setting. You certainly don't want to disable that and allow every site to run all plugins unsandboxed, as that would cause a serious security issue.

However, thanks to the Chrome OS developers, you can blacklist and whitelist sites. As you might expect, a blacklist site can't use unsandboxed plugins, whereas a whitelist site can. This is especially helpful when you know of a particular site that must use a plugin to gain full access to your computer.

SEE: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness (Tech Pro Research)

How do you do this? It's actually quite simple.

How to find the setting

Finding the location in the Chrome OS settings is pretty straightforward. Do the following:

  1. Click on the system tray.
  2. Click on the gear icon.
  3. When the Settings window opens, scroll to the bottom and click Advanced.
  4. Locate Content settings, and then click on the right-pointing arrow (Figure A).
  5. Scroll down and click Unsandboxed plugin access.

Figure A

Figure A

The Content settings option.

How to blacklist a site

Because of the way Chrome OS is set up, every time a site wants to allow an unsandboxed plugin to gain access to your system, it will ask if you want to okay that. Such behavior can get pretty annoying, especially when you already know which sites you want to deny access. For that, you can blacklist sites. To do this, click the Add button associated with Block (Figure B).

Figure B

Figure B

The Unsandboxed plugins settings window.

In the resulting pop-up (Figure C), add the site address. If you want to block an entire domain, you cannot use wildcards, such as *.baddomain.com (where baddomain.com is the domain address to be blocked).

Instead, you can either enter baddomain.com (which will be seen as a domain) or enter each URL separately, such as www.baddomain.com, mail.baddomain.com, ftp.baddomain.com, etc.

Figure C

Figure C

Blocking a site from using unsandboxed plugins.

Once you've added the URL (or domain), click Add and you're finished. Repeat this process for every URL/domain you want to block.

How to whitelist a site

To whitelist a site use the same process, only click the Add button associated with Allow. Add the sites in similar fashion. Click Add when you done. Rinse, wash, repeat until you have all of the necessary sites whitelisted.

That's all

At this point, every site/domain you've blacklisted will no longer allow (or ask you if you want to allow) unsandboxed plugins, whereas every site/domain you've whitelisted will allow (without asking) unsandboxed plugins.

It is important that you use this feature wisely. Do not whitelist any site/domain unless you know (without a doubt) that it can be trusted.

Image: Jack Wallen

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.