[ad_1]
Google has implemented a new feature "Site Isolation" in the latest version of its Chrome browser, which, according to the company, will help organizations better protect themselves from Spectrum-type attacks revealed earlier this year .
Feature is available on an experimental basis for businesses since Chrome 63 but has been enabled by default for almost all desktop users with the release of the new Chrome 67.
Site isolation represents an important under-hood change in the behavior of Chrome, said Charlie Reis a Google engineer in a blog July 11. While most users should not see any visible changes when using Chrome, the new feature imposes a memory overload of 10% to 13%. Google is trying to solve this problem so that new versions of Chrome are optimized for performance and security, he said.
Specter and Meltdown are fundamental hardware-level problems affecting almost all modern microprocessors. They allow for a sort of attack known as the speculative side-channel execution that essentially allows hackers to access data in memory that they would not normally have access to.
Google's Zero project researchers were among the first to unveil the vulnerabilities, which many described as potentially catastrophic. In the context of the browser, Specter offers hackers a way to use an open browser tab on a user's desktop to read or access data in another tab of the open browser. In theory at least, the owner of a malicious website could exploit Spectrum to steal information from other sites, said Reis.
All major browsers, including Chrome, have already implemented fixes to counter this threat. According to Reis, site isolation is the best approach because it ensures that the content of different websites is run in completely separate processes on the users desktop. The idea is to make sure that the pages of a domain that can be opened in the browser of a user remain completely separate from the pages of another domain that is open in same time.
"When site isolation is enabled, each rendering process contains documents from at most one site," says Reis. "This means that all cross-site document navigation causes a change of tab."
In other words, even if malicious software was running on an open browser tab, it could not affect data from other websites that might be open. in other open tabs on the user's desktop. The goal is to mitigate the damage that an attacker could suffer via a side channel attack, said Reis.
Because site isolation is causing Chrome to create more process for rendering pages, there is a trade-off between performance and the functionality described by Reis. Although Google has tried to minimize the impact on performance, Site Isolation still accompanies a memory overhead when running real workloads, does it? declared.
Site isolation was enabled for 99% of users on Windows, Mac, Linux and Chrome OS. Google is currently exploring how to implement the feature in Android.
Source link