How Google Intends to Keep Users' Data Secure from Spectre and Meltdown



Google has implemented a new technology in its Chrome browser to help keep users' information secure from maliciously crafted websites. The compartmentalization technology divides Chrome's work across multiple computing processes.

Chrome 67 brings the security feature called Site Isolation, which has been optionally available as an experimental enterprise policy since Chrome 63 and is now practically enabled by default for all desktop Chrome users.

The security feature is meant to tackle speculative execution side-channel attacks like Spectre, a newly discovered security risk for web browsers: a website could use such attacks to steal data or login information from people using the browser.

The attacks known as Spectre and Meltdown use the speculative execution features of most CPUs to access parts of memory that should be off-limits to a piece of code, and then use timing attacks to discover the values stored in that memory, thus allowing untrustworthy code to read any memory in its process's address space.



And since browsers run potentially malicious JavaScript code from multiple websites, often in the same process, these particular risks are the main concern for web browsers.

Chrome's Site Isolation affects the core part of the browser called the renderer, which turns website programming code into actual pixels. It is able to split the renderers into separate computing processes to wall off the data.

It comes as a large change to Chrome's architecture, so that the browser can better rely on the operating system to prevent attacks between processes, and subsequently, between sites.
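
The effect of splitting renderers by site can be sketched as a toy model. This is an added example, not Chrome's code: `siteOf`, `assignProcesses`, `exposedTo`, the sample URLs and the three-entry suffix list are assumptions made for illustration, and the model treats a site as scheme plus registrable domain and gives each tab a single renderer when isolation is off.

```javascript
// Toy model, not Chrome's implementation.
// SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
const SUFFIXES = new Set(["com", "org", "co.uk"]);

// Assumption: a "site" is scheme + registrable domain (subdomains collapse).
function siteOf(url) {
  const u = new URL(url);
  const labels = u.hostname.split(".");
  for (let i = 0; i < labels.length; i++) {
    // First hit is the longest known suffix; keep one label left of it.
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return u.protocol + "//" + labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return u.protocol + "//" + u.hostname; // unknown suffix: host is the site
}

// tabs: [{ frames: [url, ...] }]. Returns Map(process key -> Set of sites).
function assignProcesses(tabs, siteIsolation) {
  const procs = new Map();
  tabs.forEach((tab, idx) => {
    for (const frame of tab.frames) {
      const site = siteOf(frame);
      // Without isolation all frames of a tab share that tab's renderer;
      // with it, the renderer process is chosen by site alone.
      const key = siteIsolation ? site : "tab-" + idx;
      if (!procs.has(key)) procs.set(key, new Set());
      procs.get(key).add(site);
    }
  });
  return procs;
}

// Sites whose data sits in the same address space as `untrusted`.
function exposedTo(untrusted, tabs, siteIsolation) {
  const exposed = new Set();
  for (const sites of assignProcesses(tabs, siteIsolation).values()) {
    if (sites.has(untrusted)) sites.forEach((s) => exposed.add(s));
  }
  exposed.delete(untrusted);
  return [...exposed].sort();
}

// Constructed sample: a banking page embedding a third-party ad frame.
const TABS = [
  { frames: ["https://login.bank.co.uk/account", "https://ads.tracker.com/b"] },
  { frames: ["https://news.site.org/"] },
];
console.log(exposedTo("https://tracker.com", TABS, false), exposedTo("https://tracker.com", TABS, true));
```

With isolation off, the ad frame's site shares a renderer with the bank's site; with it on, the set of co-resident sites is empty, which is the property the operating system's process boundary then enforces.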

The Site Isolation security feature is currently available by default on Chrome 67 for Windows, Mac, Linux, and Chrome OS.
