Google Chrome 67 Gets Site Isolation Feature to Mitigate Spectre Vulnerability

Chrome 67 has been given security feature called Site Isolation on Windows, macOS, Linux, and Chrome OS to limit the scope of Spectre vulnerability that was disclosed earlier this year. The new feature, as its name suggests, isolates the browser from render content of each website opened in the latest Chrome browser and use a dedicated process for every single site to restrict the sharing of processes between multiple sites. Google believes that as a result of the latest development, Chrome can rely on the operating system to prevent attacks between processes and sites. There are plans to expand Site Isolation beyond Spectre attacks and help protect users from attacks that emerge from fully compromised renderer processes. However, the initial experience is targeted to protect users from Spectre attackers that are considered as a set of speculative execution side-channel attacks.

To recall, Chrome 67 was released back in May. Google says that while Chrome was already using a multi-process architecture to enable different tabs to use different renderer processes, there was a possibility that a malicious webpage could share a process with the active webpage to compromise user data. This loophole has ultimately been addressed with Site Isolation that puts all cross-site iframes into a different process than their parent frame and split a single page across multiple processes. "When Site Isolation is enabled, each renderer process contains documents from at most one site," explains Google's Software Engineer Charlie Reis in a blog post. "This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using 'out-of-process iframes.'"

With the arrival of Site Isolation, Chrome browser no longer loads data to other websites in the same process of the site opened on an active tab. This limits an attacker to obtain user data using malicious JavaScript code. Further, the latest security feature includes Cross-Origin Read Blocking (CORB) that is designed to transparently block cross-site HTML, XML, and JSON responses from the renderer process, without largely impacting compatibility.p

"Site Isolation is a significant change to Chrome's behavior under the hood, but it generally shouldn't cause visible changes for most users or Web developers (beyond a few known issues). It simply offers more protection between websites behind the scenes," says Reis.

Although Site Isolation could be a saviour if a malicious site is set to steal your data, it does put some load on Chrome by creating more renderer processes. Nevertheless, Google claims that each renderer process "is smaller, shorter-lived, and has less contention internally." The Chrome team is also in plans to optimise the initial behaviour of the feature to make the experience faster.

Google has enabled Site Isolation for as much as 99 percent of users on Windows, macOS, Linux, and Chrome OS, however, a one percent user base hasn't been considered to monitor and improve performance. Also, there are plans to extend Site Isolation coverage to Chrome for Android as well. Experimental enterprise policies for enabling Site Isolation will be available in Chrome 68 for Android, and it can be enabled manually on Android using chrome://flags/#enable-site-per-process, the engineer said in the blog post.

Moreover, Google is working on additional security checks in the browser process to bolster Site Isolation to counter attacks from fully compromised renderer processes. The search giant is also collaborating with other major browser vendors to help them defend against Spectre attacks.

It is worth pointing out that Site Isolation was previously available as an experimental enterprise policy in Chrome 63 and later versions. The limited availability enabled Google to resolve several known issues ahead of its public arrival on Chrome 67.