There are two relevant computer security ideas here -- "sandboxing" is used to place risky work (such as Chrome decoding some media) into an isolated process which lacks privileges to e.g. abuse access to files or networking, and "taint tracking" is used to reason about what attacker-supplied input can influence.
