Google Chrome 67 gets the Site Isolation feature to mitigate the Spectre vulnerability




Chrome 67 has gained a security feature called Site Isolation on Windows, macOS, Linux and Chrome OS to limit the impact of the Spectre vulnerability revealed earlier this year. As its name indicates, the new feature isolates the rendered content of each website opened in the browser, using a dedicated process for each site so that processes are not shared across sites. Google believes that with this change, Chrome can rely on the operating system to prevent attacks between processes, and therefore between sites. It plans to extend Site Isolation beyond Spectre attacks and protect users from fully compromised rendering processes. The initial release, however, aims to protect users against Spectre, a set of speculative side-channel attacks.

As a reminder, Chrome 67 was released in May. Google says that although Chrome already used a multi-process architecture in which different tabs could use different rendering processes, it was still possible for a malicious web page to share a process with the active web page and so compromise user data. Site Isolation closes this gap by placing all cross-site iframes in a different process from their parent frame, so that a single page may be split across several processes. "When site isolation is turned on, each rendering process contains documents from at most one site," says Charlie Reis, a Google software engineer, in a blog post. "This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using out-of-process iframes."

With the arrival of Site Isolation, Chrome no longer loads data from other websites into the process of the site open in the active tab, which limits the data an attacker can obtain. The feature includes Cross-Origin Read Blocking (CORB), which is designed to transparently block cross-site HTML, XML, and JSON responses from reaching the rendering process without greatly affecting compatibility. "This is a significant change in Chrome's behavior under the hood, but it should not generally cause visible changes for most users or web developers (beyond some known issues). It simply offers more protection between websites behind the scenes."
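A simplified model of the CORB decision described above, as an added example; it is not Chrome's implementation and not code from the original article. The origins, field names and sniffing patterns are assumptions for illustration, and the model compares origins, as the feature's name suggests.

```javascript
// Simplified CORB model (added example; not Chrome's implementation).
// Sniff patterns are assumptions approximating "does the body look like this type?"
const SNIFF = {
  html: /^\s*<(?:!doctype html|html|head|body|script|iframe)\b/i,
  xml: /^\s*<\?xml\b/i,
  json: /^\s*\{\s*"(?:[^"\\]|\\.)*"\s*:/,
};

function classify(mime) {
  if (mime === 'image/svg+xml') return null; // SVG is an image format; not protected
  if (mime === 'text/html') return 'html';
  if (/^(?:text|application)\/json$|\+json$/.test(mime)) return 'json';
  if (/^(?:text|application)\/xml$|\+xml$/.test(mime)) return 'xml';
  return null; // scripts, images, CSS, media and so on pass through
}

// r: { initiator, url, contentType, nosniff, corsAllowed, bodyPrefix }
function corbDecision(r) {
  if (new URL(r.url).origin === new URL(r.initiator).origin) return 'allow';
  if (r.corsAllowed) return 'allow'; // server opted in to cross-origin reads
  const mime = (r.contentType || '').split(';')[0].trim().toLowerCase();
  const kind = classify(mime);
  if (!kind) return 'allow';
  if (r.nosniff) return 'block'; // X-Content-Type-Options: nosniff, so trust the label
  // Without nosniff, block only when the body confirms the declared type,
  // so mislabelled scripts (e.g. JSONP served as text/html) keep working.
  return SNIFF[kind].test(r.bodyPrefix || '') ? 'block' : 'allow';
}

// Constructed sample responses, as requested by a page on https://attacker.example
const page = 'https://attacker.example';
const samples = [
  { name: 'json+nosniff', initiator: page, url: 'https://bank.example/api/account',
    contentType: 'application/json; charset=utf-8', nosniff: true, bodyPrefix: '{"balance": 1200}' },
  { name: 'html-sniffed', initiator: page, url: 'https://mail.example/inbox',
    contentType: 'text/html', bodyPrefix: '<!doctype html><title>Inbox</title>' },
  { name: 'jsonp-as-html', initiator: page, url: 'https://cdn.example/data',
    contentType: 'text/html', bodyPrefix: 'callback({"a": 1})' },
  { name: 'script', initiator: page, url: 'https://cdn.example/lib.js',
    contentType: 'application/javascript', nosniff: true, bodyPrefix: 'var x = 1;' },
  { name: 'svg-image', initiator: page, url: 'https://cdn.example/logo.svg',
    contentType: 'image/svg+xml', nosniff: true, bodyPrefix: '<?xml version="1.0"?><svg>' },
  { name: 'same-origin', initiator: 'https://bank.example', url: 'https://bank.example/api/account',
    contentType: 'application/json', nosniff: true, bodyPrefix: '{"balance": 1200}' },
];
for (const s of samples) console.log(s.name.padEnd(14), corbDecision(s));
```

For site owners, the takeaway is that sensitive HTML, XML and JSON endpoints get the most reliable protection when they are served with an accurate Content-Type and `X-Content-Type-Options: nosniff`.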

Although Site Isolation can be a savior if a malicious site is set up to steal your data, it puts additional pressure on Chrome by creating more rendering processes. Nevertheless, Google claims that each rendering process "is smaller, shorter in duration and has fewer internal conflicts". The Chrome team also plans to optimize the initial behavior of the feature in order to make the experience faster.

Google has enabled Site Isolation for up to 99% of users on Windows, macOS, Linux and Chrome OS. The remaining 1% of users were held back to monitor and improve performance. In addition, Google plans to extend Site Isolation coverage to Chrome for Android. Experimental enterprise policies for enabling Site Isolation will be available in Chrome 68 for Android, and the feature can be manually activated on Android using chrome://flags/#enable-site-per-process, says the engineer in the blog.

In addition, Google is working on additional security checks in the browser process to strengthen Site Isolation so that it can counter attacks from fully compromised rendering processes. The search giant is also collaborating with other major browser vendors to help them defend against Spectre attacks.

It should be noted that Site Isolation was previously available as an experimental enterprise policy in Chrome 63 and later. The limited availability allowed Google to fix several known issues before the feature arrived in Chrome 67.
