What does Sandbox chrome mean?

A sandbox chrome is like a special "section" of your computer that has been blocked off from accessing the rest of your computer. In a perfect sandbox you can do anything you want within it, but it will not affect the rest of your computer. This is used as a form of security, keeping any malware you might download from being able to affect the rest of your computer. It can only affect the sandbox.

The name "sandbox" comes from the idea that everything inside of it is not permanent. At any point, you can reset the sandbox back to where it was. Everything is built out of sand.

What ChromeOS does is apply sandboxing to every application and plugin process it runs. Each process is put into two different sandboxes. The first sandbox is the SETUID sandbox, which gives each application a place on the disk that it cannot leave. The rest of the disk cannot be affected. The second sandbox is referred to as seccomp-bpf, and it protects the operating system itself from being messed with.

Selinux and AppArmor are mostly similar to SETUID, in that they primarily protect the disk rather than the OS itself. However, they do not work using a sandboxing principle. Instead, they attempt to catch the process "in the act" of doing something wrong, and prevent it from working.

As for ChromeOS versus CentOS, they are just very different things. CentOS is just a conventional Linux operating system, based on RedHat. It is a full operating system that can be used for a variety of purposes. ChromeOS, on the other hand, is a modified Linux operating system designed specifically for consumers and low-powered laptops. It uses an Internet-based computing model, with all applications running on top of a web browser.

ChromeOS may be more secure out-of-the-box than CentOS, but it's also much more limited in what it can do. And you can configure CentOS to use the same protections that ChromeOS uses if you want. Or you can employ other security measure, some better, some worse.