
Google Chrome in OpenClaw: Without Sandbox Protection

GHSA-43x4-g22p-3hrq
Summary

OpenClaw's sandboxed browser container starts Chromium with its OS-level sandbox turned off by default (the `--no-sandbox` flag), so a bug in the renderer process can be exploited without a separate sandbox escape, making it easier for attackers to take control of the browser. This affects all versions of OpenClaw up to 2026.2.19-2. The fix, planned for version 2026.2.21, keeps the sandbox on unless you explicitly choose to turn it off. In the meantime, you should update to the latest available version or wait for the next release.

What to do
  • Update openclaw to version 2026.2.21.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21 | 2026.2.21 |
Original title
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
Original description
## Summary
Sandbox browser container launched Chromium with `--no-sandbox` by default, disabling Chromium's OS-level sandbox protections.

## Affected Packages / Versions
- Package: `openclaw` (npm ecosystem)
- Latest published npm version at triage time (2026-02-21): `2026.2.19-2`
- Affected range: `<= 2026.2.19-2`
- Planned patched version for next release: `2026.2.21`

## Impact
When `--no-sandbox` is enabled by default, renderer compromise no longer requires a separate sandbox escape. This weakens container browser isolation and increases impact from renderer-side bugs.

## Resolution
- Default `--no-sandbox` removed from sandbox browser entrypoint.
- Explicit opt-in added via `OPENCLAW_BROWSER_NO_SANDBOX` / `CLAWDBOT_BROWSER_NO_SANDBOX`.
- Browser container hash migration and security audit checks added so that stale containers are surfaced and can be recreated safely.
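An added example (not OpenClaw's own entrypoint code) of the opt-in pattern described above: the sandbox stays on unless `OPENCLAW_BROWSER_NO_SANDBOX` or `CLAWDBOT_BROWSER_NO_SANDBOX` is set, plus a small audit helper that flags a running Chromium command line with the sandbox disabled. The Chromium flags other than `--no-sandbox`, and the truthy values accepted for the variables, are assumptions.

```shell
#!/bin/sh
# Hypothetical container entrypoint logic (added example, not OpenClaw's code).
# Chromium's OS-level sandbox is the default; only an explicit operator opt-out
# via OPENCLAW_BROWSER_NO_SANDBOX (or the legacy CLAWDBOT_BROWSER_NO_SANDBOX) disables it.

# Returns 0 when an opt-out variable holds a truthy value (assumed set: 1/true/yes).
no_sandbox_requested() {
    case "${OPENCLAW_BROWSER_NO_SANDBOX:-${CLAWDBOT_BROWSER_NO_SANDBOX:-}}" in
        1|true|TRUE|yes|YES) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the Chromium argument list, one argument per line.
# --no-sandbox is emitted only on explicit opt-in, and the choice is logged.
build_chromium_args() {
    # Baseline flags are assumed for the example; they are not from the advisory.
    printf '%s\n' --headless=new --disable-gpu
    if no_sandbox_requested; then
        echo "WARNING: Chromium OS-level sandbox disabled by operator request" >&2
        printf '%s\n' --no-sandbox
    fi
}

# Audit helper for stale containers: returns 0 if a process command line
# (e.g. from `ps -o args=`) shows Chromium running without its sandbox.
sandbox_disabled_in_cmdline() {
    case " $1 " in
        *" --no-sandbox "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage inside the entrypoint (arguments contain no whitespace, so splitting is safe):
#   exec chromium $(build_chromium_args)
```

Point the audit helper at each browser container's Chromium process to surface containers still running with the old default before recreating them.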

## Fix Commit(s)
- e7eba01efc4c3c400e9cfd3ce3d661cbc788a631
- 1835dec2004fe7a62c6a7ba46b8485f124ec6199

## Release Process Note
The advisory `patched_versions` field is pre-set to the planned next release (`2026.2.21`). After the npm release is published, only the advisory publish action should remain.

OpenClaw thanks @TerminalsandCoffee for reporting.
Source: GHSA · CVSS 4.0 score: 6.9
Vulnerability type: CWE-693 Protection Mechanism Failure
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026