Fixes in Chrome needed to mitigate the security flaws in computer processors that were disclosed at the beginning of the year will cause Google's web browser to use significantly more memory, the company explained in a blog post. "As a result, a malicious website will find it more difficult to steal data from other sites, even if it can break some of the rules in its own process."
The mitigation is an impressive engineering feat designed to lessen the damage of attacks that exploit a new class of vulnerability that came to light in January. So, if you have multiple tabs open, each of the pages will have its own process running, and the pages will not share processes. Site Isolation makes Spectre attacks less risky by using a separate renderer for each domain.
Google said Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. By separating the rendering processes by site, Chrome can prevent memory from being read directly across processes and use the operating system's built-in protections against Spectre (which still isn't very clear).
The Spectre attacks, which were made public in January, effectively allow malicious code to read any memory in a process's address space.
When Site Isolation is enabled, each renderer process contains documents from at most one site.
"This means all navigations to cross-site documents cause a tab to switch processes".
This also means that all iframes on a page (generally for ads) are put into a different process from the parent frame, which further increases memory usage but increases security at the same time. This is bad news, especially for those who feel that Chrome already uses too much RAM.
However, a page could try to request an HTML or JSON URL with sensitive data as if it were an image or script. This would normally fail to render and not expose the data to the page, but that data would still end up inside the renderer process where a Spectre attack might access it.
Additionally, enabling Site Isolation changes some frame behaviors: Google notes that hidden cross-site frames will no longer register clicks, though it believes this to be "relatively uncommon in practice". Likewise, printing websites with cross-site subframes is unlikely to work.
The Site Isolation feature, which has been optional since Google Chrome 67, is now activated by default for all users of the browser to protect against the attacks known as Spectre and Meltdown. To date, most others have disabled the same types of precise timers as Chrome.
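An added example, not from the original article or from Chrome's code: a simplified JavaScript model of the check that keeps an HTML or JSON response requested as an image or script out of the requesting page's renderer, patterned on Chrome's Cross-Origin Read Blocking. The endpoint URLs and sample responses are constructed, and the sniffing patterns and the set of protected types are assumptions.

```javascript
// Added example: simplified model, not Chrome's implementation.
// Question modelled: a cross-site response was requested as an image or script;
// is its body withheld from the requesting page's renderer process?
// Assumption: only HTML, XML and JSON types are protected (text/plain omitted).

// Assumed, deliberately small patterns for "the body looks like this type".
const SNIFF = {
  html: /^\s*<(!doctype html|html|head|body|script|iframe|!--)/i,
  xml: /^\s*<\?xml/i,
  json: /^\s*\{\s*"/,
};

function classify(mime) {
  if (mime === 'image/svg+xml') return null; // SVG is a legitimate image type
  if (mime === 'text/html') return 'html';
  if (mime === 'text/xml' || mime === 'application/xml' || mime.endsWith('+xml')) return 'xml';
  if (mime === 'application/json' || mime === 'text/json' || mime.endsWith('+json')) return 'json';
  return null;
}

function withheldFromRenderer({ contentType, nosniff, bodyPrefix }) {
  const mime = (contentType || '').split(';')[0].trim().toLowerCase();
  const kind = classify(mime);
  if (kind === null) return false; // scripts, images and unknown types pass through
  if (nosniff) return true;        // server vouches for the declared type
  // Without nosniff the body must look like the declared type, so that
  // mislabelled scripts are not broken; mislabelled data slips through too.
  return SNIFF[kind].test(bodyPrefix || '');
}

// Constructed sample responses from a hypothetical site's sensitive endpoints.
const SAMPLE_RESPONSES = [
  { url: '/api/account', contentType: 'application/json; charset=utf-8', nosniff: true, bodyPrefix: '{"balance": 10}' },
  { url: '/profile', contentType: 'text/html', nosniff: false, bodyPrefix: '<!DOCTYPE html><html>' },
  { url: '/api/legacy', contentType: 'text/html', nosniff: false, bodyPrefix: '{"token": "constructed"}' },
  { url: '/api/export', contentType: 'text/javascript', nosniff: true, bodyPrefix: '{"rows": []}' },
];

// Returns the URLs whose bodies would still reach a cross-site renderer.
function exposedEndpoints(responses) {
  return responses.filter((r) => !withheldFromRenderer(r)).map((r) => r.url);
}

console.log(exposedEndpoints(SAMPLE_RESPONSES));
```

Endpoints the function reports are the ones to fix on the server side, by serving them with an accurate `Content-Type` and `X-Content-Type-Options: nosniff`.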