Skip to main content
Cromite for Windows provides a privacy-focused browsing experience with enhanced security features including network process sandboxing and renderer app containerization.

System Requirements

  • Windows Version: Windows 10 or later
  • Architecture: x64 (64-bit)
  • Storage: ~200MB free space
  • Administrator Access: Required for initial security configuration

Installation

1

Download Windows Package

Download the latest Windows release:Extract the ZIP file to your preferred location, for example:
  • C:\Program Files\Cromite
  • %LOCALAPPDATA%\Cromite
  • Any directory of your choice
2

Enable Network Process Sandbox

This step is critical for security and must be performed on first installation.Open Command Prompt or PowerShell as Administrator:
cd "C:\path\to\cromite\directory"
icacls . /grant "*S-1-15-2-2:(OI)(CI)(RX)"
Replace C:\path\to\cromite\directory with your actual installation path.
This command grants the necessary permissions for the network process sandbox to function. Without it, network isolation will be disabled, reducing security.
What this does:
  • Grants Read and Execute permissions to the ALL_APP_PACKAGES security principal
  • (OI) = Object Inherit - applies to files
  • (CI) = Container Inherit - applies to subdirectories
  • (RX) = Read and Execute permissions
See issue #51 for technical details.
3

Enable RendererAppContainer (Recommended)

For maximum security, enable the RendererAppContainer feature.Option 1: Command Line FlagLaunch Cromite with the following flag:
chrome.exe --enable-features=RendererAppContainer
Option 2: Create a Shortcut
  1. Right-click on chrome.exeCreate shortcut
  2. Right-click the shortcut → Properties
  3. In the Target field, append the flag:
"C:\path\to\cromite\chrome.exe" --enable-features=RendererAppContainer
  1. Click OK
RendererAppContainer requires the icacls permissions from Step 2 to function properly.
What this does:
  • Runs renderer processes in Windows AppContainers
  • Provides stronger isolation between web content and the system
  • Limits damage from potential browser exploits
  • Highly recommended for security-conscious users
4

Launch Cromite

Run chrome.exe from your installation directory or use the shortcut you created.On first launch:
  1. Choose your default search engine
  2. Configure data directory location (optional)
  3. Review initial settings

Automatic Updates with chrlauncher

chrlauncher is a lightweight launcher that automatically updates Cromite and provides additional configuration options.
chrlauncher is the recommended way to run Cromite on Windows for automatic updates and enhanced configuration.

Installation Steps

1

Download chrlauncher

Download the latest version from:Extract chrlauncher to the same directory as your Cromite installation or a separate directory.
2

Create Configuration File

Create a file named chrlauncher.ini in the same directory as chrlauncher.exe.
[chrlauncher]

# Custom Chromium update URL (string):
ChromiumUpdateUrl=https://github.com/uazo/cromite/releases/latest/download/updateurl.txt

# Command line for Chromium (string):
# note --user-data-dir= works better if path is absolute
# See here: http://peter.sh/experiments/chromium-command-line-switches/
ChromiumCommandLine=--user-data-dir="%LOCALAPPDATA%\Cromite\User Data" --no-default-browser-check

# Chromium executable file name (string):
ChromiumBinary=chrome.exe

# Chromium binaries directory (string):
# Relative (to chrlauncher directory) or full path (env. variables supported).
ChromiumDirectory=.\bin
3

Configure User Data Directory

The --user-data-dir parameter specifies where Cromite stores your profile data.Recommended locations:
  • %LOCALAPPDATA%\Cromite\User Data (default)
  • %APPDATA%\Cromite\User Data
  • Custom path of your choice (use absolute paths)
To prevent Microsoft Defender from deleting Cromite binaries during updates, add the user-data-dir folder to Defender’s exclusion list:
  1. Open Windows Security
  2. Go to Virus & threat protection → Manage settings
  3. Scroll to Exclusions → Add or remove exclusions
  4. Add your Cromite directories
4

Run icacls Command

Apply the security permissions to the chromium binaries directory:
cd "C:\path\to\chrlauncher\bin"
icacls . /grant "*S-1-15-2-2:(OI)(CI)(RX)"
This may need to be run after each update if the directory is recreated.
5

Launch via chrlauncher

Run chrlauncher.exe instead of chrome.exe.On first launch, chrlauncher will:
  1. Download the latest Cromite release
  2. Extract it to the bin directory
  3. Launch Cromite with your configured parameters
Subsequent launches will check for updates automatically.

chrlauncher Configuration Options

Add these to ChromiumCommandLine in chrlauncher.ini:Privacy & Security:
  • --no-default-browser-check - Skip default browser prompt
  • --disable-background-networking - Disable background connections
  • --disable-sync - Disable Google Sync
  • --enable-features=RendererAppContainer - Enable renderer isolation
Data Location:
  • --user-data-dir="<path>" - Set profile directory (use absolute paths)
  • --disk-cache-dir="<path>" - Set cache directory
Debugging:
  • --enable-logging - Enable logging
  • --v=0 - Set verbosity level (0-2)
  • --log-file=<path> - Specify log file location
See Chromium Command Line Switches for more options.
chrlauncher checks for updates on each launch. To customize:
  1. Check the chrlauncher documentation for update configuration options
  2. Consider running chrlauncher at Windows startup for seamless updates
  3. Updates download automatically but won’t interrupt your browsing
Recommended directory structure with chrlauncher:
C:\Program Files\Cromite\
├── chrlauncher.exe
├── chrlauncher.ini
└── bin\
    ├── chrome.exe
    ├── chrome.dll
    └── [other Cromite files]
The bin directory is managed by chrlauncher and will be updated automatically.

Security Features

Network Process Sandbox

The network process sandbox isolates network operations from the main browser process. Benefits:
  • Limits damage from network-related vulnerabilities
  • Prevents network exploits from accessing local resources
  • Required for full security posture
Verification:
  1. Launch Cromite
  2. Navigate to chrome://sandbox
  3. Check that “Network Process” shows “Sandboxed”
If the network process shows “Not sandboxed”, verify you ran the icacls command correctly.

RendererAppContainer

RendererAppContainer uses Windows AppContainer technology to isolate renderer processes. Benefits:
  • Stronger isolation than traditional sandboxing
  • Prevents renderer exploits from accessing the file system
  • Limits lateral movement in case of compromise
  • Recommended by security researchers
Verification:
  1. Launch Cromite with --enable-features=RendererAppContainer
  2. Navigate to chrome://sandbox
  3. Check renderer process isolation status
Both network sandbox and RendererAppContainer should be enabled for maximum security.

Troubleshooting

Error: Access is denied
  • Ensure you’re running Command Prompt/PowerShell as Administrator
  • Right-click → “Run as administrator”
Error: Invalid parameter
  • Verify the SID is correct: *S-1-15-2-2
  • Check for typos in the command
  • Ensure you’re in the correct directory
If chrome://sandbox shows processes as “Not sandboxed”:
  1. Verify icacls was run in the correct directory
  2. Check Windows version (Windows 10+ required)
  3. Ensure User Account Control (UAC) is enabled
  4. Try running icacls on parent directory
  5. Restart Cromite after applying permissions
If Defender quarantines Cromite binaries:
  1. Restore files from Defender quarantine
  2. Add exclusions for:
    • Cromite installation directory
    • User data directory
    • chrlauncher directory
  3. Whitelist chrome.exe and chrome.dll
Alternative: Use Windows Security’s “Controlled folder access” to allow Cromite explicitly.
Check these items:
  1. Internet connection active
  2. GitHub not blocked by firewall
  3. updateurl.txt URL is correct in config
  4. Write permissions in ChromiumDirectory
  5. Sufficient disk space
Manual update:
  1. Download latest chrome-win.zip
  2. Extract to bin directory
  3. Run icacls command
  4. Launch via chrlauncher
Common issues:
  • Relative paths may not work reliably
  • Use absolute paths in --user-data-dir
  • Ensure the directory exists or Cromite can create it
  • Check folder permissions
Example working configuration:
ChromiumCommandLine=--user-data-dir="C:\Users\YourName\AppData\Local\Cromite\User Data"

Advanced Configuration

Creating a Desktop Shortcut

1

Locate Executable

Find either:
  • chrome.exe (manual installation)
  • chrlauncher.exe (with auto-updater)
2

Create Shortcut

Right-click the executable → Send to → Desktop (create shortcut)
3

Configure Shortcut

Right-click the shortcut → Properties:
  1. Target: Add command line flags
"C:\Program Files\Cromite\chrome.exe" --enable-features=RendererAppContainer
  1. Start in: Set working directory
C:\Program Files\Cromite
  1. Icon: Optionally change the icon

Running as Portable Application

To run Cromite from a USB drive or without installation:
  1. Extract chrome-win.zip to your portable drive
  2. Create a chrlauncher.ini with relative paths: 
    ChromiumCommandLine=--user-data-dir=".\UserData"
ChromiumDirectory=.\bin
  3. Run icacls command on the target machine
  4. Launch via chrlauncher
icacls permissions may need to be reapplied on each machine you use the portable installation on.

Next Steps

Privacy Settings

Configure privacy features and anti-fingerprinting

Ad Blocking

Set up content blocking and custom filters

Settings Guide

Configure advanced settings and features

FAQ

Find answers to common questions

Build docs developers (and LLMs) love

Get started for freeTalk to us