What does the Chromium option `--no-sandbox` mean?
I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –
Hopefully this shed some light on the topic of sandbox:
- Quick introduction to Chrome's sandbox.
- More in depth design document. With internal links to FAQ, etc.
And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)