Looking at how things are now, it should be clear that Spectre is a major problem on the web and for web browsers. The good news is that tech giants are doing a lot to combat this problem, and the latest to step forward is Google. As we know, Google has its own web browser in Chrome, and since Spectre affects browsers, the company has moved to fight the problem with some key features. The idea is to mitigate Spectre with Site Isolation.
Site Isolation is now part of Chrome 67, and this is indeed a big deal. If you haven’t yet upgraded your Chrome web browser to the newest version, then now is the time because Spectre isn’t to be taken lightly.
Chrome’s Site Isolation feature
Spectre is known for using the speculative execution features found in most CPUs to access a section of memory that shouldn’t be available to most pieces of code.
Over time, the attack can discover any information stored in that memory, and an attacker can extract its contents for their own use. This is a huge problem for web browsers, since they are susceptible to attacks from malicious JavaScript code.
As it stands, then, a website could use infected JavaScript code to steal information from any website visited by the user. That poses a huge problem for anyone who logs into a business website with an infected web browser.
According to Google, Site Isolation is all about limiting “each renderer process to documents from a single site.” Because of this, Google Chrome can rely on the Windows 10 operating system to prevent any attacks between processes and between websites.
“When Site Isolation is enabled, each renderer process contains documents from at most one site. This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.” Splitting a single page across multiple processes is a major change to how Chrome works, and the Chrome Security team has been pursuing this for several years, independently of Spectre. The first uses of out-of-process iframes shipped last year to improve the Chrome extension security model,” according to Google.
Site Isolation causes Chrome to create more renderer processes, which comes with performance tradeoffs. There is about a 10-13% total memory overhead in real workloads due to the larger number of processes. It has been enabled for 99% of users on Windows, Mac, Linux, and Chrome OS.
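The process assignment Google describes above can be modelled in a few lines. This is an added example, not Chrome's code: it assumes a "site" is the scheme plus registrable domain, and the function names, the small suffix set and the sample page are all constructed for illustration.

```javascript
// Simplified model of Site Isolation's process assignment (added example).
// Assumption: "site" = scheme + registrable domain (eTLD+1). Browsers use the
// full Public Suffix List; this tiny set is constructed for the demo.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Return the site key for a URL, e.g. "https://example.com".
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  // Try the longest candidate suffix first, then keep one label in front of it.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return `${protocol}//${labels.slice(Math.max(i - 1, 0)).join(".")}`;
    }
  }
  return `${protocol}//${hostname}`; // unknown suffix: treat the host as the site
}

// Walk a frame tree and place each frame in the renderer process of its site.
// Returns a Map of frame name -> process id (ids are arbitrary counters).
function assignProcesses(frame, bySite = new Map(), result = new Map()) {
  const site = siteOf(frame.url);
  if (!bySite.has(site)) bySite.set(site, bySite.size + 1);
  result.set(frame.name, bySite.get(site));
  for (const child of frame.children || []) assignProcesses(child, bySite, result);
  return result;
}

// Constructed sample page: one same-site iframe, one cross-site iframe.
const page = {
  name: "main",
  url: "https://www.example.com/article",
  children: [
    { name: "login", url: "https://accounts.example.com/widget" },
    { name: "ad", url: "https://ads.example.org/banner" },
  ],
};

for (const [name, pid] of assignProcesses(page)) {
  console.log(`${name} -> renderer process ${pid}`);
}
```

In this model the cross-site ad frame lands in its own process, while the accounts subdomain shares the main frame's process, because the isolation boundary is the site rather than the full origin.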