Comment by xorcist

I think that partitioning and sandboxing software is underutilized, and that the Chromium sandbox is well designed.

But I don't know what sandbox escapes for Chromium look like? My guess would be that it involves things like browser plugins, or nasty stuff like WebGL. In which case sandboxing isn't failed, we're just not doing enough of it.