Chrome 67 beats Spectre – Chrome Security Wins

Google has been looking for a new way to protect the Chrome browser against security gaps ever since the vulnerabilities in Intel processors were exposed. Its solution is to implement Site Isolation.

To keep Spectre from stealing data from Google users, Chrome 67 introduces Site Isolation on Mac, Windows, Chrome OS and Linux.

However, this is just one step toward completing the project.

What is Spectre?

Spectre is a side-channel attack that uses the speculative execution features of most CPUs to access parts of memory that must be off-limits to a piece of code. It then uses timing attacks to arrive at the values stored in that memory. To sum up, it reads any memory and steals data.

This is a significant threat only for web browsers and here is where Site Isolation comes in handy.

What is Site Isolation?

Site Isolation is a substantial change to Chrome’s architecture: it limits each renderer process to documents from one site. To prevent attacks between processes, and thus between sites, Chrome relies on the operating system.

Previously, Chrome used a multi-process architecture in which each open tab had its own renderer process, but that was still weak when faced with an attacker.

To prevent that, Site Isolation allows a renderer process to hold documents from no more than one site. This means that a navigation to a cross-site document makes the tab change processes, and that cross-site iframes are put into a different process.
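The difference between the two process models can be made concrete with a small simulation. This is an added example, not Chrome's code: it assumes a "site" means scheme plus registrable domain, and the public-suffix subset, the sample URLs and all function names are constructed for illustration.

```javascript
// Added illustration, not Chrome's code: a toy model of renderer-process assignment.
// Assumption: a "site" is scheme + registrable domain (eTLD+1). Real browsers use
// the full Public Suffix List; this small constructed subset is for the demo only.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  // Scanning left to right finds the longest public suffix; keep one more label.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return `${protocol}//${labels.slice(Math.max(i - 1, 0)).join(".")}`;
    }
  }
  return `${protocol}//${hostname}`; // unknown suffix: treat the whole host as the site
}

// Constructed sample: one tab whose page embeds same-site and cross-site iframes.
const TAB = {
  url: "https://mail.example.com/inbox",
  frames: [
    { url: "https://docs.example.com/widget", frames: [] },
    { url: "https://ads.tracker.org/banner",
      frames: [{ url: "https://shop.example.co.uk/frame", frames: [] }] },
  ],
};

const flatten = (frame) => [frame.url, ...frame.frames.flatMap(flatten)];

// Old model: every document in the tab shares one renderer process.
const perTabProcesses = (tab) => new Map([["tab-1", flatten(tab)]]);

// Site Isolation: documents are grouped into one renderer process per site.
function siteIsolatedProcesses(tab) {
  const procs = new Map();
  for (const url of flatten(tab)) {
    const site = siteOf(url);
    procs.set(site, [...(procs.get(site) || []), url]);
  }
  return procs;
}

// Sites other than `url`'s own whose documents live in the same process,
// i.e. the memory a Spectre-style read inside that process could reach.
function coResidentSites(procs, url) {
  const docs = [...procs.values()].find((d) => d.includes(url)) || [];
  return [...new Set(docs.map(siteOf))].filter((s) => s !== siteOf(url));
}
```

Under the per-tab model the `ads.tracker.org` frame shares a process with two other sites; under Site Isolation that list is empty, while the two `example.com` subdomains still share one process because they belong to the same site.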

Chrome Security and Chrome had been working on this long before the Spectre threat appeared, and Site Isolation has now been offered to 99% of users on Mac, Linux, Chrome OS and Windows.

In conclusion, if Spectre tries to attack, it has no chance, because the source of the information will have been moved into another tab.

Google Chrome Has Increased RAM Consumption After Spectre ‘Improvement’

Yes, it’s true: Google Chrome will now consume even more RAM in order to ensure that these pesky Spectre vulnerabilities will not endanger your system. The bad news is that, short of changing your browser or adding more RAM, you have no choice.

Short refresh: Spectre and Meltdown are chip-level security vulnerabilities that were discovered earlier in 2018. They affect both AMD and Intel processors among others, and may even be present on your PC/laptop. Since receiving a free processor upgrade is out of the question, the vulnerabilities can only be patched at a software level.

In a blog post, Google explains why your browser is even more hungry now:

Site Isolation is a significant change to Chrome’s behavior under the hood, but it generally shouldn’t cause visible changes for most users or web developers (beyond a few known issues). It simply offers more protection between the websites behind the scenes. Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: on the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure.

Site Isolation has now been enabled by default for most users, and you are not able to turn it off, as it is mandatorily enabled. Google further elaborates that the purpose of Site Isolation is to prevent extended data transfer between your machine and potentially malicious attackers that seek to gain access to your private information.

While better security is always good news, the cost may be a bit high for Chrome users with older machines that may be significantly slowed down by the update. The feature is here to stay, so as previously stated, should you not like it, only switching browsers may help you.