Since Google first released Chrome publicly in 2008, the web browser has divided work among multiple computing processes. That approach helps keep one tab’s work from interfering with what’s happening in another. Google has been testing a stricter variation of this sort of partitioning to protect against Spectre, which Google and other researchers revealed in January.
Google released the new security feature, called site isolation, to a limited number of Chrome users starting with the Chrome 67 release in May. Now it’s “enabled for 99 percent of users on Windows, Mac, Linux and Chrome OS,” Chrome team member Charlie Reis said in a blog post on Wednesday.
The move shows just how complicated Spectre and the related Meltdown attacks are to thwart. Tech companies that make processors, operating systems and browsers all scrambled to block attackers from using the vulnerabilities to snatch sensitive data. The problem is severe enough to have risen to the US Congress, where senators griped on Wednesday that they hadn’t heard about Spectre sooner.
It also shows a new way that Spectre — which took advantage of a processor feature that increased chip speeds — is dogging computer performance. Intel’s initial low-level Spectre fixes taxed computer speeds modestly, and Chrome using more memory is another drag.
But site isolation will help future versions of Chrome with problems beyond Spectre.
“The best part is coming in a few releases, when site isolation will provide a general mitigation” against two classes of computer attack, remote code execution and universal cross-site scripting, in a key part of Chrome, tweeted Justin Schuh, Chrome’s security leader, on Thursday.
Uses more memory
Google’s site isolation feature is a major change to Chrome. It affects a core part of the browser called the renderer, which turns website programming code into actual pixels on your phone or laptop screen. With site isolation, Chrome splits renderers into separate computing processes more often to wall off data better.
Unfortunately, that means Chrome needs more memory. The increase is about 10 to 13 percent for people with lots of tabs open, Google said in a project document. The good news, though, is that site isolation lets Google relax the restrictions on monitoring the precise timing of browser actions that it had adopted earlier to make Spectre attacks harder.
“Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure,” Reis said in the blog post. And it’s also working to bring site isolation to Chrome for Android, he said.
Site isolation, a ten-year project
Reis has been working on the site isolation technology for a decade, starting with his Ph.D. research, and the Chrome team began working on it about six years ago, Chrome security leader Justin Schuh tweeted.
Eric Lawrence, a former Chrome security team member who now works on Microsoft’s rival Edge browser, called the move “an extremely impressive achievement.”
“Google invested many engineer-years in a feature that initially seemed hopelessly out of whack from cost/benefit POV [point of view],” he tweeted. Then when Spectre arrived, site isolation suddenly became “an essential defense against a class of attack.”
First published July 11, 12:09 p.m. PT.
Update July 13, 9:43 a.m. PT: Adds that site isolation will improve Chrome security beyond addressing Spectre problems.