Set permissions for SUID sandbox helper during install

I had a current issue with the debian Desktop app where the app wouldn’t launch due to sandbox mode not working properly with certain distributions (kali and parrot OS specifically) due to a permission issue with the SUID sandbox helper (/opt/Bitwarden/chrome-sandbox). The example is of my issue is here:

Jan 24 23:25:00 parrot kernel: [13472.389096] do_trap: 52 callbacks suppressed
Jan 24 23:25:00 parrot kernel: [13472.389098] traps: bitwarden[15055] trap int3 ip:5611ad5eb717 sp:7ffc79ce78a0 error:0 in bitwarden[5611ab6c8000+5023000]
Jan 24 23:25:00 parrot org.mate.panel.applet.BriskMenuFactory[15055]: [15055:0124/232500.534821:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I’m aborting now. You need to make sure that /opt/Bitwarden/chrome-sandbox is owned by root and has mode 4755.
Jan 24 23:28:04 parrot kernel: [13656.339765] traps: bitwarden[15466] trap int3 ip:55eb39d62717 sp:7ffdf2aecfc0 error:0 in bitwarden[55eb37e3f000+5023000]

After much research, it appears specifically due to a permission issue with the setup of Bitwarden after debian version 1.14.0 under these distros, or other newer kernel distros as seen here:

Either setting the permissions manually to be owned as root with 4755, or turning on user namespaces in the kernel fixes this issue with Bitwarden launching correctly with sandbox mode turned on. Its either that, or run Bitwarden without sandboxing with the --no-sandbox option in the CLI.

Please correct setting the permissions of the sandbox helper during install. As I am not a developer, I can’t say what this may affect security wise as I believe the setgui option can be risky.

If that is the case I apologize. Also, if this is in the wrong section, I apologize as well, as I didn’t see any mention of this in the user support section on this issue.