[defap]

> Safari just sandboxes plugins

That hasn't been true for at least 5 years. Safari has used a sandboxed, multi-process architecture for Web content since version 5.1.

[cptskippy]

My understanding is that kernel level sandboxing in OSX is per application, not per process unless you dispatch XPC services. Does Safari utilize XPC for rendering? If not then the processes aren't sandboxes from on another unless by some mechanism internal to Safari, which is entirely possible.

I was referring to the internal sandboxing Safari does to isolate plugins from everything else.

[defap]

> Does Safari utilize XPC for rendering?

Web content and plug-in processes are XPC services, yes.