Chrome 67 beats Spectre – Chrome Security Wins

Google has been trying to find a new way of protecting Chrome browser against security gaps since Intel processor got its vulnerabilities exposed. Their solution is to implement Site Isolation.

In order for Spectre to not steal any data from Google users, Chrome 67 has introduced Site Isolation for Mac, Windows, Chrome OS and Linux.

However, this is just one step closer to achieve the completion of the project.

What is Spectre?

Spectre is a side-channel attack which to access parts of memory that must be off-limits to a piece of code, use the speculative execution features of most CPUs. And to arrive at values stored in the memory it uses timing attacks. To sum up, it reads any memory and steals data.

This is a significant threat only for web browsers and here is where Site Isolation comes in handy.

What is Site Isolation?

Site Isolation limits each renderer process to documents from one site, and it is a substantial change to Chrome’s architecture. For preventing attacks between operations or sites, Chrome will rely on the operating system.

Previously, Chrome would have a renderer process per tab opened which resulted in a multi-process architecture, still weak put face to face with an attacker.

To avoid that from happening, Site Isolation lets renderer processes to have documents from no more than a site, that means the navigations that cross-site reports will make a tab change processes so that the cross-site iframes will be put into a different process.

Chrome Security and Chrome have been working on such a process long before Spectre’s threatens and now Site Isolation was offered to 99% of users on Mac, Linux, Chrome OS and Windows.

In conclusion, if Spectre wants to attack it has no chance because the source of information will be changed into another tab.

You might like

About the Author: Francis E. Hagopian

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.