Chrome "Site Isolation" Experimental Feature

     
9:42 am on Jan 9, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25041
votes: 660


Chrome has a "Site Isolation" experimental feature which might be useful when you're aware of a security bug, but it's not yet been patched. For example, the feature could help against the latest CPU vulnerabilities, Meltdown and Spectre, [webmasterworld.com] and might help as a second line of defense.
It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do. It also blocks the process from receiving certain types of sensitive documents from other sites. As a result, a malicious website will find it more difficult to steal data from other sites, even if it can break some of the rules in its own process.
Chrome "Site Isolation" Experimental Feature [chromium.org]
11:55 am on Jan 9, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2748
votes: 110


I do not understand how this helps with Meltdown and Spectre because the vulnerability is that they break isolation between processes (Spectre) and between a process and the OS (Meltdown).
12:36 pm on Jan 9, 2018 (gmt 0)

Administrator from GB 


joined:May 9, 2000
posts:25041
votes: 660


It's only providing better protection, and further mitigation, but I doubt it'd stop it.
2:55 pm on Jan 9, 2018 (gmt 0)

Senior Member from GB 


joined:Nov 16, 2005
posts:2748
votes: 110


It mostly seems to provide UXSS protection and may make exploits using Spectre a bit harder (no help at all with Meltdown) by reducing the data visible to each process, but that seems a pretty slight mitigation unless I am missing something - you will have to get data from more processes for example, but Spectre will still work.
12:03 pm on Jan 10, 2018 (gmt 0)

Administrator from GB 


joined:May 9, 2000
posts:25041
votes: 660


Agreed, but it's still useful to know about this feature. I rarely visit unknown areas of the Net, but I can see a use for it to help avoid succumbing to bad actors.
5:06 am on Jan 31, 2018 (gmt 0)

New User

joined:Jan 31, 2018
posts:2
votes: 0


As if Chrome wasn't already hungry enough for all your RAM, now it's demanding at least 10-20% more of the current memory requirement... Or is it just me with these irregular memory usage spikes with the current version?