I appreciate you sharing that, thanks! On here I set up the restrictions using user accounts and groups, iptables, cgroups and some monitoring of CPU and memory, with cpulimit and pkill for excessive use. Sort of like a lightweight "container" for each browser process.
In other words, each chrome process runs in its own user-space (a no-login user which exists only for the duration of the session), which has cpu and memory limits thanks to cgroups, bandwidth limits and restrictions thanks to iptables, and disk and browser cache limits thanks to chrome command-line flags.
In other words, each chrome process runs in its own user-space (a no-login user which exists only for the duration of the session), which has cpu and memory limits thanks to cgroups, bandwidth limits and restrictions thanks to iptables, and disk and browser cache limits thanks to chrome command-line flags.