One of the largest used browser, Chrome has been given security feature which is called Site as Isolation on mostly all the operating system which includes Windows, macOS, Linux, and Chrome to limit the scope of Spectre vulnerability that was disclosed last year. The new feature, as its name suggests, isolates the browser render content of each website which is opened in the latest Chrome browser and use a dedicated process for every single site to restrict the sharing of processes between multiple sites.
Google believes that as a result of the latest development, Chrome can rely on the operating system to prevent any type of hacking attacks that mostly happened with the between processes and sites. There are plans to expand Site Isolation beyond Spectre attacks and help protect users from attacks that emerge from fully compromised renderer processes.
Chrome 67 was released in the month of May. Google says that while Chrome was already using a multi-process architecture to enable different tabs to use different renderer processes, there was a possibility that a malicious webpage could share a process with the active webpage to compromise user data. This loophole has ultimately been addressed with Site Isolation that puts all cross-site iframes into a different process than their parent frame and split a single page across multiple processes.
“When Site Isolation is enabled, each renderer process contains documents from at most one site,” explains Google’s Software Engineer Charlie Reis. “This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using ‘out-of-process iframes.’”
“Site Isolation is a significant change to Chrome’s behavior under the hood, but it generally shouldn’t cause visible changes for most users or Web developers (beyond a few known issues). It simply offers more protection between websites behind the scenes,” says Reis.
Google has enabled Site Isolation for more than 99 percent of users on Windows, macOS, Linux, and Chrome OS, however, a one percent user base hasn’t been considered to monitor and improve performance as of now. Also, there are plans to extend Site Isolation coverage to Chrome for Android, iOS and Windows phone as well.
Apart from that, Google is working on additional security checks in the browser process to bolster Site Isolation to counter attacks from fully compromised renderer processes. The search giant is also collaborating with other major browser vendors to help them defend against Spectre attacks.