Home » Tech

Google Chrome adds new Spectre fix, but uses more RAM in return

13 July, 2018, 19:53 | Author: Rafael Roberts
  • Spectre Mitigation Increases Chrome Memory Usage, Google Says

This week, Google said that the site isolation technologies it has had to add to its Chrome web browser to mitigate the Spectre processor vulnerability come with a 10 to 13 percent increase in memory usage. The feature looked to improve stability, while making the internet browser more resistant to attacks such as Spectre.

The mitigation is an impressive engineering feat that's created to lessen the damage of attacks that exploit a new class of vulnerability that came to light in January. This means that when users visit a malicious website, attackers will not be able to see the data that has been loaded in other websites as those are different processes than the one that launched the malicious website. You could also add a command line flag to start Chrome with -site-per-process, but that's a lot of work.

"Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site", explained Google Chrome team member Charlie Reis.

In other words, on Windows, macOS, Linux, and Chrome OS devices, Chrome uses the security boundaries provided by the operating system to ringfence each domain into its own browser process. "This would allow a successful Spectre attack to read data (e.g., cookies, passwords, etc.) belonging to other frames or pop-ups in its process", explained Reis. As of yet, it remains disabled on Android, though is expected to be enabled in the future.


When enabled, all navigations to cross-site documents cause a tab to switch processes and puts all cross-site iframes into a different process than their parent frame, using "out-of-process iframes".

Over the years, Chrome has become an incredibly hungry browser, eating up as much as RAM as it can.

A single page may now be split across multiple renderer processes using out-of-process iframes. However, a page could try to request an HTML or JSON URL with sensitive data as if it were an image or script. "This significantly reduces the threat posed by Spectre". CORB tries to transparently block cross-site HTML, XML, and JSON responses from the renderer process, with nearly no impact to compatibility. Using a separate renderer for every domain means more active renderers, and thus, more memory usage. Google initially described Site Isolation as an "additional security boundary between websites", preventing malicious webpages in a tab from messing with or spying on tabs and iframes displaying pages from other domains.

"Site Isolation is a significant change to Chrome's behavior under the hood, but it generally shouldn't cause visible changes for most users or web developers (beyond a few known issues)".

Recommended:



Popular

President Trump Reportedly Threatened to Pull the U.S. Out of North Atlantic Treaty Organisation
Add Donald Trump as an interest to stay up to date on the latest Donald Trump news, video, and analysis from ABC News. Trump has described the spending situation as "disproportionate and not fair to the taxpayers of the United States".

Modi loses 3 lakh followers, Rahul Gandhi 17,000 in Twitter cleanup
Uhuru, who is the most followed Kenyan on Twitter , had 3,234,935 followers as of July 12 but lost 16,071 of them in the purge. Across the board, Twitter's most followed celebrities felt a cut on Thursday.

'Black Widow' movie lands female director
Fans have been clamoring for a Black Widow solo film ever since the character made her big-screen debut in 2010's Iron Man 2 . Scarlett Johansson is also producing the Black Widow movie, and she recently appeared in The Avengers: Infinity War .

Tesla to begin phasing out federal tax credit in 2019
So far, the company is only building high-end versions of the Model 3 for significantly higher prices. After that point, the credit halves for six months, and then halves again for a final six months.

Trump brings his chaotic road show to Britain
Trump's undiplomatic attack on May, his host, will likely raise the temperature around an already controversial visit. Trump said that one of them, former Foreign Secretary Boris Johnson, "would be a great Prime Minister".

Global recall of heart drug due to potential carcinogen contamination
Health Canada says patients taking the drug should check with their pharmacists to learn if their medicine is being recalled. Some of these drugs are also used in patients who have had heart failure or a recent heart attack.

Don't be surprised if you lose followers — Twitter purge
President Uhuru Kenyatta retired to bed on Thursday night with more followers on Twitter than he woke up to on Friday. The two are among the so-called influencers who are paid huge amounts of cash to post content on their social media.

Steve McManaman shared his World Cup knockout predictions after the group stage
Two weeks ago, former England worldwide Steve McManaman was asked on ESPN to predict the results of the knockout stages. The 46-year-old pundit absolutely nailed it.

Trump visit to United Kingdom begins on awkward note
According to recent surveys by non-partisan British polling organization YouGov, only 11 percent of Britons said they thought Mr. I am just saying I think he would be a great prime minister .

Donald Trump and Melania arrive at Theresa May's banquet amid protests
Asked if the ex-minister could be in No. 10 one day, he replied: "Well I am not pitting one against the other ". Like this story? Share it with a friend! "They are just a lobbyist for Amazon", he said.