diff --git a/libcef_dll/sandbox/sandbox_win.cc b/libcef_dll/sandbox/sandbox_win.cc index b27ba60d7..f8cdcc91f 100644 --- a/libcef_dll/sandbox/sandbox_win.cc +++ b/libcef_dll/sandbox/sandbox_win.cc @@ -17,7 +17,11 @@ void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) { } else { // Ensure the proper mitigations are enforced for the browser process. sandbox::ApplyProcessMitigationsToCurrentProcess( - sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK); + sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK | + sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY); + // Note: these mitigations are "post-startup". Some mitigations that need + // to be enabled sooner (e.g. MITIGATION_EXTENSION_POINT_DISABLE) are done + // so in Chrome_ELF. } }