Google Chrome shifts browser architecture to thwart Spectre attacks
Google Chrome is enabling a new security feature called Site Isolation in response to the set of speculative execution side-channel attacks known as Spectre and Meltdown.
One day after a new Spectre-like attack was disclosed, the newly enabled Site Isolation feature attempts to provide what Google’s security team believes is “the most effective mitigation” possible.
This is the latest improvement for Chrome, widely considered to have the strongest security features among mainstream browsers.
Google noted that the new feature will use “10-13%” more memory, a significant number the Chrome developers say they are working to reduce.
Spectre and Meltdown abuse the speculative execution feature of a machine’s processors to read memory that is supposed to be off-limits to the running code. Site Isolation aims to keep each site’s data in its own process, so that a Spectre attack running in one process can’t siphon off important data belonging to another site.
The security feature is available in the current version (Chrome 67) of Chrome on Windows, Mac, Linux and Chrome OS. The Chrome team is now working on extending the coverage to Android.
The team didn’t comment on updates to iOS.
“Site Isolation is a large change to Chrome’s architecture that limits each renderer process to documents from a single site,” Google engineer Charlie Reis wrote in a blog post. “As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites.”
Although it’s a significant change, it “generally shouldn’t cause visible changes for most users or web developers,” Reis said. “It simply offers more protection between websites behind the scenes.”
The old status quo was that, within a single tab, an attacker’s frames and cross-site pop-ups could share a process with a victim’s website; a successful Spectre attack in that shared process could then read the victim’s cookies and passwords.
Enabling Site Isolation means a single process contains documents from at most one site, so cross-site iframes and pop-ups are placed in separate processes. Even if an attacker succeeds with Spectre, there is much less data in the attacker’s process to go after.
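To make the process-splitting rule concrete, here is an added illustration (written for this article, not Chrome’s own code) that assigns the frames of one tab to processes with and without Site Isolation. It assumes, as Chrome does, that a “site” is the URL scheme plus the registrable domain (eTLD+1), and that without isolation every frame in the tab shares the main frame’s process, as described above. The public-suffix table is a constructed stand-in for the real Public Suffix List, and the frame URLs are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List; Chrome uses the full list.
PUBLIC_SUFFIXES = {"com", "org", "co.uk", "github.io"}


def site_of(url: str) -> str:
    """Return the site key (scheme + eTLD+1) that decides process sharing.

    Two URLs with the same site key may share a renderer process under
    Site Isolation; URLs with different keys never do.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    labels = host.split(".")
    # Walk from the shortest suffix outward until a public suffix matches;
    # the label just before it is the registrable domain.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            if i == 0:
                # The host itself is a public suffix (e.g. github.io).
                return f"{parts.scheme}://{host}"
            return f"{parts.scheme}://{labels[i - 1]}.{candidate}"
    # No known suffix: treat the whole host as its own site.
    return f"{parts.scheme}://{host}"


def assign_processes(frame_urls, site_isolation: bool):
    """Map each frame URL in one tab to a numeric process id.

    Without Site Isolation every frame lands in the tab's single process;
    with it, frames are grouped by site key and each group gets its own.
    """
    processes = {}
    assignment = {}
    for url in frame_urls:
        key = site_of(url) if site_isolation else "tab"
        pid = processes.setdefault(key, len(processes) + 1)
        assignment[url] = pid
    return assignment


def frames_sharing_main_process(frame_urls, site_isolation: bool):
    """Return the frames that share a process with the first (main) frame.

    This is the set of documents whose memory a Spectre-style read from
    the main frame's process could reach.
    """
    assignment = assign_processes(frame_urls, site_isolation)
    main_pid = assignment[frame_urls[0]]
    return {url for url, pid in assignment.items() if pid == main_pid}


if __name__ == "__main__":
    # Constructed sample tab: a bank page embedding a same-site frame and a
    # cross-site frame.
    tab = [
        "https://bank.example.com/account",
        "https://ads.example.com/frame",
        "https://attacker.co.uk/popup",
    ]
    for isolated in (False, True):
        print("Site Isolation:", isolated, assign_processes(tab, isolated))
```

Note that `bank.example.com` and `ads.example.com` are different origins but the same site, so they still share a process; Site Isolation separates sites, not origins.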
“Splitting a single page across multiple processes is a major change to how Chrome works, and the Chrome Security team has been pursuing this for several years, independently of Spectre,” Reis explained. “The first uses of out-of-process iframes shipped last year to improve the Chrome extension security model.”
Google is also offering increased bug bounty rewards for Site Isolation-related bugs for a limited time.