Pages not opening when Microsoft Edge is running in Application Compartment (NO Isolation) #2762

Closed
offhub opened this issue Mar 24, 2023 · 1 comment
Labels: Bug (Something isn't working); fixed in next build (Fixed in the next Sandboxie version); Issue reproduced (Issue reproduced without uncertainties)

Comments

offhub (Collaborator) commented Mar 24, 2023

Describe what you noticed and did

  1. Run Microsoft Edge in Application Compartment (NO Isolation)
  2. Browser will start but won't be able to open pages. (Error code: STATUS_ACCESS_VIOLATION)

How often did you encounter it so far?

Every time

Affected program

Microsoft Edge 111.0.1661.51 (Official build) (64-bit)

Download link

Not relevant

Where is the program located?

The program is installed only outside the sandbox.

Expected behavior

Pages should open.

What is your Windows edition and version?

Windows 10 Pro 22H2 64-bit (19045.2728)

In which Windows account do you have this problem?

User account with UAC protection set to Always notify.

Please mention any installed security software

Microsoft Windows Defender

What version of Sandboxie are you running?

Sandboxie-Plus 1.8.1 64-bit

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type do you have this problem?

In an Application Compartment sandbox with no isolation (green sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

#
# Sandboxie configuration file
#

[GlobalSettings]
DefaultBox=DefaultBox
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
Template=Edge_Fix
Template=7zipShellEx

[UserSettings_21E20370]
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=y

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
BoxNameTitle=n
UseFileDeleteV2=y
UseRegDeleteV2=y
CopyLimitKb=81920
FileTrace=*
AutoDelete=y

[GreenBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00fd00,ttl
Template=RpcPortBindingsExt
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
NoSecurityIsolation=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y

[CyanBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#e8e803,ttl
Template=RpcPortBindingsExt
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
NoSecurityIsolation=y
UsePrivacyMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y

offhub added the Confirmation pending (Further confirmation is requested) label Mar 24, 2023
isaak654 added the Bug (Something isn't working) and Issue reproduced (Issue reproduced without uncertainties) labels and removed the Confirmation pending (Further confirmation is requested) label Mar 24, 2023

DavidXanatos (Member) commented Mar 25, 2023

It seems the issue is caused by the inability to load sbiedll.dll when the worker process is started with an AppContainer token.
In a future build it will be possible to disable the use of these tokens also in app compartment mode with DropAppContainerToken=y, but it will reduce Chromium's own security.

EDIT: a fix was committed in 97bf5dc

DavidXanatos added the High priority (To be done as soon as possible) and fixed in next build (Fixed in the next Sandboxie version) labels and removed the High priority (To be done as soon as possible) label Mar 25, 2023
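
The trade-off described in the comment above concerns boxes running in Application Compartment mode (NoSecurityIsolation=y). As an added example (not part of the thread and not Sandboxie's own code), this Python script lists those boxes in a Sandboxie.ini and reports whether DropAppContainerToken=y is set for each. The sample text is constructed from the reporter's config, and the placement of DropAppContainerToken in the box's own section is an assumption.

```python
from collections import defaultdict

# Constructed sample, abbreviated from the reporter's config; the
# DropAppContainerToken line in [CyanBox] is added for illustration.
SAMPLE_INI = """\
[GlobalSettings]
Template=Edge_Fix
[DefaultBox]
Enabled=y
Template=SkipHook
Template=FileCopy
[GreenBox]
Enabled=y
NoSecurityIsolation=y
[CyanBox]
Enabled=y
NoSecurityIsolation=y
DropAppContainerToken=y
"""

def parse_ini(text):
    """Return {section: {key: [values]}}; keys such as Template= repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return sections

def is_on(box, key):
    # Simplification: the setting counts as on if any occurrence is "y".
    return any(v.lower() == "y" for v in box.get(key, []))

def audit_compartment_boxes(text):
    """Map each NoSecurityIsolation=y box to its AppContainer token handling."""
    report = {}
    for name, box in parse_ini(text).items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # not sandbox sections
        if is_on(box, "NoSecurityIsolation"):
            # Assumption: DropAppContainerToken is set in the box's own section.
            dropped = is_on(box, "DropAppContainerToken")
            report[name] = "token dropped" if dropped else "token kept"
    return report

if __name__ == "__main__":
    print(audit_compartment_boxes(SAMPLE_INI))
```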