diff --git a/usr/lib/permission-hardener.d/25_default_whitelist_chromium.conf b/usr/lib/permission-hardener.d/25_default_whitelist_chromium.conf
index 01ea21c..bdb2b2a 100644
--- a/usr/lib/permission-hardener.d/25_default_whitelist_chromium.conf
+++ b/usr/lib/permission-hardener.d/25_default_whitelist_chromium.conf
@@ -5,4 +5,13 @@
 ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
 ## configuration. When security-misc is updated, this file may be overwritten.
 
-chrome-sandbox matchwhitelist
+## Chrome/Chromium now uses namespace-based sandboxing rather than a SUID
+## sandbox for most use cases, and while the SUID sandbox is still technically
+## supported [1], it's also virtually unused [2]. Chromium still works fine
+## when it is stripped of its SUID bit and rendered no longer executable,
+## and opening `chrome://sandbox` while in this state shows that sandboxing is
+## still working perfectly fine.
+##
+## [1] https://chromium.googlesource.com/chromium/src/+/0e94f26e8/docs/linux_sandboxing.md
+## [2] https://chromium.googlesource.com/chromium/src/+/0e94f26e8/docs/linux_suid_sandbox.md
+#chrome-sandbox matchwhitelist