July 18, 2018
Last week, the Google Security Blog announced a new security feature in Chrome 67 to better protect internet users from speculative execution side-channel attacks like Spectre. Spectre attacks abuse speculative execution to read data out of a process's memory, a particular concern in web browsers, where code from many sites runs side by side. While major browsers have taken precautions to prevent Spectre attacks, Google says its new feature, called Site Isolation, makes data worth stealing inaccessible to the attacker's process in the first place.
Chrome 67 has enabled Site Isolation on Windows, Mac, Linux, and Chrome OS. Previously, the feature was available for Chrome 63, but only as an optional, experimental enterprise policy. Now, the feature is enabled by default.
How It Works
Google says Site Isolation limits each renderer process to documents from a single site. This lets Chrome lean on the operating system's process isolation to block attacks that cross process boundaries, and therefore site boundaries. It's worth noting that Chrome defines a "site" as only the scheme plus the registered domain. Google's example is that https://google.co.uk and https://maps.google.co.uk count as the same site, so they may still share a process.
While Chrome has long had a multi-process structure, such as separate processes for different tabs, Google says an attacker's page could still share a process with a victim's page from another site. Pop-ups were one such case, because they shared a process with the page that opened them. A Spectre attack running in that shared process could then read private data, such as passwords, belonging to other pop-ups or frames in the same process.
With Site Isolation, a document from a different site never lands in the attacker's process: not when the user switches tabs or navigates, and not when a pop-up or a new frame is opened, because cross-site pop-ups and frames now get a renderer process of their own, separate from that of the original site. To accomplish this, Google says Site Isolation uses out-of-process iframes, which split a single page across multiple renderer processes.
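To make the "site" definition and the process-assignment rule above concrete, here is an added example (not Chrome's code, and not from the Google blog post). It models a site as scheme plus registrable domain, using a tiny hand-written stand-in for the Public Suffix List that Chrome itself consults, and then simulates a renderer router that only lets a newly opened document reuse a process when it is same-site with a document already running there. The suffix list, the `SiteIsolationRouter` class and all URLs are assumptions constructed for the example; IP-literal and file URLs are not handled.

```javascript
// Added example: how a Site Isolation-style "site" is computed and how it
// drives renderer-process assignment. Not Chrome's implementation.

// Constructed subset of the Public Suffix List (Chrome uses the full list).
// A registrable domain is the shortest trailing label sequence that is NOT
// itself a public suffix, e.g. "google.co.uk" for "maps.google.co.uk".
const PUBLIC_SUFFIXES = new Set([
  "com", "org", "net", "io", "uk", "co.uk", "org.uk", "github.io",
]);

function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  // Walk from the last label toward the first, testing each suffix.
  for (let i = labels.length - 1; i >= 0; i--) {
    const candidate = labels.slice(i).join(".");
    if (!PUBLIC_SUFFIXES.has(candidate)) return candidate;
  }
  // The whole hostname is a public suffix (e.g. "co.uk"); treat it as its own site.
  return hostname.toLowerCase();
}

// Site = scheme + registrable domain. Port and path are deliberately ignored,
// which is why https://google.co.uk and https://maps.google.co.uk match.
function siteOf(urlString) {
  const url = new URL(urlString);
  const scheme = url.protocol.replace(/:$/, "");
  return `${scheme}://${registrableDomain(url.hostname)}`;
}

function sameSite(a, b) {
  return siteOf(a) === siteOf(b);
}

// Hypothetical router: one renderer process per site. A pop-up or iframe for
// a different site never reuses its opener's process, so a Spectre gadget in
// the opener cannot read the other site's memory.
class SiteIsolationRouter {
  constructor() {
    this.processesBySite = new Map(); // site -> process id
    this.nextProcessId = 1;
  }

  // Returns the process id the document for urlString is placed in.
  rendererFor(urlString) {
    const site = siteOf(urlString);
    if (!this.processesBySite.has(site)) {
      this.processesBySite.set(site, this.nextProcessId++);
    }
    return this.processesBySite.get(site);
  }

  // True when the two documents would end up in the same renderer process.
  sharesProcess(a, b) {
    return this.rendererFor(a) === this.rendererFor(b);
  }
}

// Usage with the blog post's own example plus a cross-site pop-up:
const router = new SiteIsolationRouter();
console.log(siteOf("https://maps.google.co.uk/maps"));                 // https://google.co.uk
console.log(router.sharesProcess("https://google.co.uk", "https://maps.google.co.uk")); // true
console.log(router.sharesProcess("https://google.co.uk", "https://attacker.example"));   // false
```

Note that a scheme change alone is enough to separate sites here: `http://google.co.uk` and `https://google.co.uk` get different processes, which matches the definition given in the text (scheme plus registered domain).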
Although Site Isolation isn't one hundred percent foolproof, it does limit the amount of data an attacker can get hold of.
Google says it's working on expanding Site Isolation coverage to Chrome for Android. Work is also ongoing to defend against attacks beyond Spectre, such as those launched from a fully compromised renderer process. Last but not least, Google is collaborating with other browser vendors to prevent Spectre attacks.
“Site Isolation is a significant change to Chrome’s behavior under the hood, but it generally shouldn’t cause visible changes for most users or web developers (beyond a few known issues),” Charlie Reis says in the Security Blog post. “It simply offers more protection between websites behind the scenes.”
Platforms and vendors like Google have, as of late, been taking more and more measures to protect users’ privacy. Whether these measures work in the long run, we’ll just have to wait and see.