[ad_1]
Google has enabled a defensive technology in Chrome that will make it much more difficult to detect information such as login credentials by specter attacks.
The new security technology, called "site isolation" It has a decade of history. But more recently, it has been cited as a shield to protect against the threats posed by Specter, the vulnerability of the processor revealed by Google's own engineers more than a year ago. Google introduced site isolation at the end of 2017 in Chrome 63, presenting it as an option for IT staff members, who could customize the defense to protect employees from threats hosted on external sites. Business managers can use Group Policy Objects (GPOs) as well as command-line indicators before continuing deployment through Group Policies.
Then, in Chrome 66, which was released in April, Google opened the field evaluation for users in general, who could enable site isolation via the chrome option : // flags. Google said that Site Isolation could eventually become the default browser, but the company initially wanted to validate the fixes around issues that appeared in previous tests. Users may decline to participate in the test by changing any of the settings on the options page.
Google has enabled site isolation for the vast majority of Chrome users, 99% of them on behalf of the giant searches. "Many known issues have been fixed since (Chrome 63), so it's convenient to enable it by default for all Chrome users," wrote Charlie Reis, Google software engineer, in an article about the [19659002] The site's isolation, says Reis, "is a big change in the architecture of Chrome that limits each rendering process to single-site documents." With site isolation enabled, attackers will not be able to share their content in a Chrome process assigned to the content of a Web site.
"When site isolation is enabled, each rendering process contains documents such as maximum, a site," Reis continues. "This means that all the navigations to documents from several sites cause a change of tab. It also means that all multi-site iframes are placed in a different process from their parent frame, using "iframes out of process". This, Reis added, was a major shift in the way Chrome works, a shift the engineers had been pursuing for several years, long before Specter was discovered.
Reis' doctoral dissertation nearly made the decade been on the subject, and the Chrome team worked on it for six years.
With site isolation enabled by default in 99% of all Chrome desktop instances, the browser task administrator verifies that the defense is working.Consider the different process numbers for the SiriusXM music streaming tab and the sub-image below.
Resource consumption is not necessarily a Google "problem" with site isolation, but there are side effects. When the technology is used, the company has recognized. "There is a total memory overhead of 10% to 13% on actual workloads due to the increasing number of processes," said Reis, adding that engineers continue to work to reduce this shock of memory.
minus the estimate of additional memory load is lower than before. When Chrome 63 debuted with site isolation, Google admitted that its use would increase up to 20% of memory consumption.
Users will be able to verify that site isolation is enabled – that they are not part of the 1% As part of Google's efforts to "monitor and improve performance," in Chrome 68 , when it will be launched later this month, by typing chrome: // process-internals in the address bar. (This does not work in Chrome 67 or earlier). At the present time, the verification requires more work on the part of the user: It is detailed in this document under the subtitle of "Check". Computerworld used the latter to make sure that its instances of Chrome had enabled site isolation.
Gregg Keizer, Computerworld.com
Source link
