Last year, the theoretical bugs became reality. Dubbed Spectre, the new exploits allowed attackers unprecedented ability to attack users. Bypassing traditional protections, the new bugs opened up a new option for side-channel attacks. On top of system and hardware fixes, Google is rolling out their own fix for Google Chrome. The new patch takes Chrome tabbing to a whole new level with site isolation.
With each new tab, Chrome generally already segregates the process for each. Site isolation now adds a new render process for each new domain. For instance, eTeknix.com resources will use their own process. The social media icons for Facebook.com on the same page will also have their own process. Due to the additional processes and isolation, there is a performance penalty. Having some much more stuff run in the background adds 10 to 13 per cent memory usage. To offset the performance penalty, Google will kill the render process more quickly.
Due to each domain having their own process, data is now isolated, preventing possible cross access. A malicious domain now cannot request resources from a domain like a bank to attack it. Of course, the fix still have to rely on system and hardware fixes for the final barrier. Instead, the fix moves the focus from the browser to the system. Since these processes all run on the same system and CPU, that is still a weak point.
The new fix has been a part of Chrome of a while already. However, it is now largely the default for Chrome 67. Google is opting out 1% of users due to performance concerns. For the same reason, Android Chrome is also not seeing this fix yet. Chrome 68 for Android may see a limited opt in version. Both Mozilla Firefox and Microsoft Edge could see similar fixes. It is unknown if site isolation will become the preferred fix for Spectre. Given the rise of timing attacks, expect more isolation of processes going forward.
Plaion, a leading video game publisher, and Retro Games Ltd., a specialist in reimagined classic…
During the latest earnings call, NVIDIA CFO Colette Kress warned of a potential GPU supply…
Chinese sources say the GeForce RTX 5090, RTX 5080, RTX 5070 Ti, and RTX 5070…
GTA 6 doesn’t have an official release date yet, but it has already earned a…
Stay on Point with ActiveTrack 6.0 - With upgraded tracking tech, OM 6 sticks to…
Pack includes three Wiser Radiator Thermostats. These smart radiator thermostats are only designed to work…