Some things to note: The sandbox should *not* yet be considered a strong security boundary (more details in an upcoming blog post). Further, the sandbox can only provide security benefits in cases where untrusted JavaScript is being executed by V8 (such as is the case in Chromium). It has no effect when the JavaScript code is considered trusted. Finally, to operate securely, the sandbox also needs cooperation from the Embedder, such as a special ArrayBufferAllocator (see e.g.
this allocator for an example) and likely other things in the future. To disable the sandbox, the `v8_enable_sandbox=false` gn flag can be used.