Chrome 67 to Counter Spectre on Mac, Windows, Linux, Chrome OS via Site Isolation
What is Site Isolation and How Does it Work?
Site Isolation has the browser render content for each open website in a dedicated process that is separated from other pages. For example, a domain such as https://google.co.uk and subdomains like https://maps.google.co.uk would stay in the same process, which wasn’t the case earlier. Historically, Chrome has used a multi-process architecture where different tabs could use different processes at the same time. A tab could even switch processes when navigating to a new site if needed. With Site Isolation enabled, each renderer process can contain documents from only one site. Navigations to cross-site documents cause a tab to switch processes. Google’s security blog elaborates on this:
It also means all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.” Splitting a single page across multiple processes is a major change to how Chrome works, and the Chrome Security team has been pursuing this for several years, independently of Spectre. The first uses of out-of-process iframes shipped last year to improve the Chrome extension security model.
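To make the grouping rule above concrete, here is an added example (not code from the article or from Chromium) that computes Chrome’s notion of a “site”, scheme plus registrable domain (eTLD+1), and uses it to decide which frames of a page share a renderer process. It assumes a small constructed subset of the Public Suffix List; Chrome uses the full list.

```javascript
// Constructed subset of the Public Suffix List, enough for the hosts used below.
// Assumption: Chrome consults the complete list, not this hand-picked set.
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk", "ac.uk"]);

// Returns the registrable domain (eTLD+1) of a hostname: the longest public
// suffix plus one label. A host with no known suffix is returned unchanged.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const suffix = labels.slice(i + 1).join(".");
    const candidate = labels.slice(i).join(".");
    // First hit wins because we start from the longest possible suffix.
    if (PUBLIC_SUFFIXES.has(suffix) && !PUBLIC_SUFFIXES.has(candidate)) {
      return candidate;
    }
  }
  return hostname.toLowerCase();
}

// A "site" is scheme + registrable domain; subdomains, ports and paths are
// ignored, which is why google.co.uk and maps.google.co.uk share a process.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Under Site Isolation a parent document and a subframe share a renderer
// process only when they are same-site; otherwise the frame is out-of-process.
function sharesProcess(parentUrl, frameUrl) {
  return siteOf(parentUrl) === siteOf(frameUrl);
}

// Groups every frame of one page by site: each key corresponds to one
// renderer process, so a page with N distinct sites is split N ways.
function processLayout(frameUrls) {
  const layout = new Map();
  for (const url of frameUrls) {
    const site = siteOf(url);
    if (!layout.has(site)) layout.set(site, []);
    layout.get(site).push(url);
  }
  return layout;
}

// Constructed sample page: a top document with three iframes.
const SAMPLE_FRAMES = [
  "https://google.co.uk/",            // top-level document
  "https://maps.google.co.uk/embed",  // same site: same process
  "https://example.com/widget",       // cross-site: out-of-process iframe
  "https://ads.example.com/banner",   // same site as the widget frame
];
```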
However, even with each renderer process being limited to a single site, there is still a chance that an attacker’s page could pull another site’s data into its own process by requesting it as a sub-resource such as an image or script. A page could try to request sensitive data as if it were an image or script, and that data, once in the attacker’s process, could later be read via a Spectre attack.
With Site Isolation enabled, Chrome creates more renderer processes. Even if a Spectre attack were to occur in a malicious web page, data from other websites would not be loaded into the same process, resulting in much less data being available to the attacker. Site Isolation has been enabled for 99% of users on Windows, Mac, Linux, and Chrome OS, with the remaining one percent being held back to monitor the effects. The only tradeoff is that Chrome might use 10-15% more memory than it did earlier. Google also stated that Chrome for Android will get Site Isolation in a subsequent release. In Chrome 68 for mobile, you can manually enable Site Isolation via the “chrome://flags/#enable-site-per-process” flag.