NaCI
chrome://sandbox
The original motivation was to run native code (web browser extensions) that are potentially untrustworthy from third party developer.
An compiler-assisted inner sandbox that creates a security subdomain within a process. (Intra-process sandbox)
Needs to be compiled with their own toolchain to enforce the constraints shown here via NaCL compiler with constraints.
However, Deprecated in Q4 2019 in favor of WebAssembly (leaning towards a cross-browser solution unlike NaCL was only chrome-based solution)
storage.googleapis.com
https://storage.googleapis.com/pub-tools-public-publication-data/pdf/34913.pdf