Chrome's sandbox has an extremely solid design and implementation. It's far more robust than anything else available, and we have yet to see an attack in the wild that can bypass it. Our big remaining weak spot is NPAPI--because plugins can't be sandboxed without completely rewriting their platform layer. Using AdBlock addresses this weakness by preventing plugin content from loading. You can achieve the same effect by turning on click-to-play or plugin blocking.
The linked video from VUPEN doesn't actually show a Chrome hack. It's a Flash exploit, which affects any browser with Flash installed (including about 98% of desktop browsers). We've been working for almost two years on developing a fully sandboxed Flash implementation, and expect to ship it to all platforms early next year. It's taken so long because sandboxing a large existing application is a huge engineering effort--particularly when you have such a long compatibility matrix. FWIW, the custom PDF reader we ship has always been fully sandboxed, just like all normal web content in Chrome.
Currently, the only Chrome platform with a fully sandboxed Flash is ChromeOS, because we had to rewrite the platform layer from scratch anyway (and did not implement several Flash features initially). The Windows version of Chrome also has a sandbox of a sort; it runs Flash in low-integrity mode (just like IE on Vista+). This is nowhere near as strong as the real Chrome sandbox, but we were able to implement it relatively quickly as a stopgap measure. The shipping Mac and Linux versions have no Flash sandbox right now.
Thank you for helping to build such a solid browser. We love it, and our clients love it, and we love working on a first-time client's machine and seeing that they're already using it. :-)
The linked video from VUPEN doesn't actually show a Chrome hack. It's a Flash exploit, which affects any browser with Flash installed (including about 98% of desktop browsers). We've been working for almost two years on developing a fully sandboxed Flash implementation, and expect to ship it to all platforms early next year. It's taken so long because sandboxing a large existing application is a huge engineering effort--particularly when you have such a long compatibility matrix. FWIW, the custom PDF reader we ship has always been fully sandboxed, just like all normal web content in Chrome.
Currently, the only Chrome platform with a fully sandboxed Flash is ChromeOS, because we had to rewrite the platform layer from scratch anyway (and did not implement several Flash features initially). The Windows version of Chrome also has a sandbox of a sort; it runs Flash in low-integrity mode (just like IE on Vista+). This is nowhere near as strong as the real Chrome sandbox, but we were able to implement it relatively quickly as a stopgap measure. The shipping Mac and Linux versions have no Flash sandbox right now.