Chrome 67 combines Site Isolation to decrease Spectre vulnerability

Avatar By Le Williams | 2 years ago

Google Chrome 67 has been integrated with a security feature called Site Isolation on Windows, macOS, Linux, and Chrome OS to restrict the range of Spectre vulnerability that was disclosed in early 2018.

The new feature isolates the browser render the content of each website opened in the latest Chrome browser and uses a dedicated process for every single site to restrict the sharing of processes between multiple sites.

Google maintains a strategy that Chrome can rely on the operating system to prevent attacks between processes and sites. There are initiatives to expand Site Isolation beyond Spectre attacks and help protect users from attacks that emerge from fully compromised renderer processes.

However, the initial experience is targeted to protect users from Spectre attackers that are considered as a set of speculative execution side-channel attacks.

“When Site Isolation is enabled, each renderer process contains documents from at most one site,” explains Google’s Software Engineer Charlie Reis in a blog post. “This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using ‘out-of-process iframes.'”

Site Isolation prevents the Chrome browser from loading data to other websites in the same process as the site opened on an active tab. As a result, this limits an attacker to obtain user data using malicious JavaScript code.

Further, the latest security feature includes Cross-Origin Read Blocking (CORB) that is designed to transparently block cross-site HTML, XML, and JSON responses from the renderer process, without largely impacting compatibility.

“Site Isolation is a significant change to Chrome’s behavior under the hood, but it generally shouldn’t cause visible changes for most users or Web developers (beyond a few known issues). It simply offers more protection between websites behind the scenes,” says Reis.