Most vulnerabilities in modern computer systems are fixed without noticeable impact on end users. That is not the case with Meltdown and Spectre, which strike at the heart of how microprocessors work. A new round of Spectre variants has appeared, but Google is enabling a feature in desktop Chrome that makes Spectre attacks mounted from web content far harder to pull off. The downside is that Chrome will use even more RAM than it already does.
Spectre targets a microprocessor feature called speculative execution, which performs work ahead of time in case it turns out to be needed. This greatly improves overall system performance, but it also opens the door to attacks that can read memory that is supposed to remain private, including memory inside the same process that the attacker's code runs in. Patching Spectre and Meltdown has been a complicated process, and some of the fixes cost system performance.
Google's Chrome 67 build turns on a feature called site isolation to blunt Spectre attacks. The feature has existed in Chrome since version 63, but it was hidden behind a developer flag. Now it is the default for everyone. Site isolation makes Spectre attacks far less dangerous by using a separate renderer process for each site (a site, in Chrome's definition, is the scheme plus the registrable domain, so subdomains of one domain still share a process). Chrome has always had a multi-process architecture, but the split was by tab, and a single tab can display content from several sites by means of cross-site iframes or clever JavaScript. That arrangement could in theory let a Spectre exploit running in one frame read data belonging to other parts of the page, such as cookies or saved passwords for another site, because all of that data lived in the same renderer's address space.
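The process split described above, as an added example that is not code from the article or from Chromium: a small JavaScript model that assigns the frames of one tab to renderer processes under the old per-tab scheme and under site isolation, then asks whether a Spectre-style read in one frame could reach another frame's memory. The public-suffix table, the sample frame URLs and all function names are assumptions made for this illustration; a real browser consults the full Public Suffix List.

```javascript
// Added example, not part of the original article or of Chromium.
// Tiny hand-picked subset of the Public Suffix List, used only for this
// illustration (assumption; real browsers use the full list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk", "example"]);

// Chrome's notion of a "site": scheme plus registrable domain (eTLD+1).
// login.bank.example and bank.example are the same site; evil.example is not.
function siteFor(urlString) {
  const url = new URL(urlString);
  const labels = url.hostname.split(".");
  // Walk from the shortest suffix upward until the suffix is no longer a
  // public suffix; that label set is the registrable domain.
  for (let i = labels.length - 1; i >= 0; i--) {
    const suffix = labels.slice(i).join(".");
    if (!PUBLIC_SUFFIXES.has(suffix)) {
      return `${url.protocol}//${suffix}`;
    }
  }
  // The host is itself a public suffix (or an IP/localhost): its own site.
  return `${url.protocol}//${url.hostname}`;
}

// Pre-site-isolation model: one renderer per tab. Every frame in the tab,
// whatever its origin, shares one address space, so a Spectre gadget in any
// frame can speculatively read memory that belongs to every other frame.
function rendererGroupsPerTab(frameUrls) {
  return [frameUrls.slice()];
}

// Site-isolation model: one renderer per site. Cross-site frames land in
// different processes, so a speculative-execution leak is confined to data
// that already belongs to the attacker's own site.
function rendererGroupsPerSite(frameUrls) {
  const groups = new Map();
  for (const u of frameUrls) {
    const site = siteFor(u);
    if (!groups.has(site)) groups.set(site, []);
    groups.get(site).push(u);
  }
  return [...groups.values()];
}

// Could a Spectre read issued from attackerUrl's frame reach victimUrl's memory?
// Only if both frames were placed in the same renderer process.
function canLeak(groups, attackerUrl, victimUrl) {
  return groups.some((g) => g.includes(attackerUrl) && g.includes(victimUrl));
}

// Constructed sample: a banking tab that embeds a third-party ad iframe.
const TAB_FRAMES = [
  "https://bank.example/account",        // top-level document
  "https://login.bank.example/session",  // same site as the top frame
  "https://ads.tracker.net/frame",       // cross-site iframe
];

const ATTACKER = "https://ads.tracker.net/frame";
const VICTIM = "https://bank.example/account";
console.log("per-tab  leak possible:", canLeak(rendererGroupsPerTab(TAB_FRAMES), ATTACKER, VICTIM));
console.log("per-site leak possible:", canLeak(rendererGroupsPerSite(TAB_FRAMES), ATTACKER, VICTIM));
```

Run it with `node` and the per-tab model reports that the ad frame shares a process with the bank's top frame, while the per-site model separates them; the second group still contains both `bank.example` frames, which is also why the memory cost is one extra renderer per distinct site rather than per frame.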
Enabling site isolation has a cost, however. Using a separate renderer for each site means more renderer processes alive at once, and therefore more memory in use. Chrome is already known for heavy RAM usage, and Google estimates it will be roughly 10 to 13 percent higher with site isolation enabled. The feature has already been rolled out on the beta and dev channels, so some users have been living with the effect for a while.
Although the feature is now widely deployed, Google says about 1 percent of Chrome users will not get site isolation immediately. Google is holding this group back as a control so it can measure the impact and confirm the change is working properly; they will receive site isolation later if everything goes as planned. The Android version of Chrome gets site isolation later because the OS has different resource constraints; it will be available as an option in version 68. The iOS version of Chrome runs on Apple's rendering engine because of platform restrictions, so Google cannot make this change there at all.