---
slug: process-trust-model
created: 2026-05-12
updated: 2026-05-16
---

# The Process Trust Model

Chromium runs each renderer, GPU process, and network stack in a separate operating-system process. The decision dates to the project's 2006 design and 2008 launch and established the entire subsequent security architecture: everything in Chromium's security model is downstream of processes being isolated at the OS level. The browser process is privileged (file-system access, network access, ability to create child processes, access to user secrets). The renderer processes are deliberately unprivileged — no direct file-system access, no direct network access, no ability to create child processes. The OS enforces the boundary; Mojo IPC is how the two sides talk; every message from a renderer is treated as potentially hostile because the renderer can be compromised by any malicious JavaScript page it loads.

The patterns in this section describe how that trust model is maintained in practice. Site Isolation extends the process boundary to each cross-site iframe, paying roughly ten to thirteen percent in memory overhead for the protection Spectre-class side channels required after January 2018. Process consolidation under memory pressure relaxes the isolation conditionally on lower-memory hardware — a deliberate engineering tradeoff that downstream security reviewers need to know about. Stateless IPC interfaces are mandatory because a compromised renderer can call methods out of order; stateful interfaces are an antipattern that allows uninitialized browser-process memory to be exploited. The Untrusted Renderer Axiom is the foundational concept that makes every browser-side IPC validation legible — "the data was already validated by the renderer" is never an acceptable reason to skip browser-side validation.

A reader auditing a Chromium-based product for security exposure, reviewing a proposed IPC interface, or grounding an AI coding agent in IPC discipline starts here.
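As an added example (not Chromium's code; Mojo itself is not used, and the handler names, message fields and limit are constructed), the two interface styles side by side in C++: a stateful transfer whose browser-side handler must enforce call ordering itself, and a stateless request that carries everything the browser needs and is validated browser-side regardless of what the renderer claims.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed limit; Chromium's real message validation lives elsewhere.
constexpr size_t kMaxPayload = 4096;

enum class Status { kOk, kBadState, kBadLength, kOutOfRange };

// Antipattern: a stateful interface. Write() depends on Open() having run, and a
// compromised renderer can send Write() first, so ordering is enforced, not assumed.
class StatefulTransfer {
 public:
  Status Open(uint32_t length) {
    if (length > kMaxPayload) return Status::kBadLength;
    length_ = length;
    opened_ = true;
    return Status::kOk;
  }
  Status Write(const std::vector<uint8_t>& data) {
    if (!opened_) return Status::kBadState;   // never read length_ before Open()
    if (data.size() != length_) return Status::kBadLength;
    buffer_ = data;
    return Status::kOk;
  }
 private:
  bool opened_ = false;      // explicitly initialized, never left indeterminate
  uint32_t length_ = 0;
  std::vector<uint8_t> buffer_;
};

// Preferred: a stateless request carries every parameter the browser needs.
struct WriteRequest {
  uint32_t claimed_length;   // renderer's claim; checked, never trusted
  uint32_t offset;
  std::vector<uint8_t> data;
};

// Browser-side validation happens here no matter what the renderer did before.
Status HandleWrite(const WriteRequest& req, std::vector<uint8_t>& buffer) {
  if (req.data.size() > kMaxPayload) return Status::kBadLength;
  if (req.claimed_length != req.data.size()) return Status::kBadLength;
  // Overflow-safe bounds check: compare against remaining space, not offset+size.
  if (req.offset > buffer.size() || req.data.size() > buffer.size() - req.offset)
    return Status::kOutOfRange;
  std::copy(req.data.begin(), req.data.end(), buffer.begin() + req.offset);
  return Status::kOk;
}
```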
The Sandbox Escape Chain concept names the link-by-link structure of how a renderer compromise becomes a host compromise. Its second link, a V8 heap sandbox bypass or a Mojo IPC privilege escalation, is the one this trust model exists to make hard: a renderer compromise only becomes a host compromise when the attacker also has a V8 heap sandbox bypass and a Mojo IPC privilege escalation, and all three links depend on this trust model being clear.

---

- [Next: Multi-Process Architecture](multi-process-architecture.md)
- [Previous: Experiment That Became Permanent](permanent-experiment.md)