Google Chrome continues to improve site isolation security technology

Google Chrome introduced its site isolation technology as a response as soon as the media revealed the Meltdown and Spectre speculative execution vulnerabilities in Intel processors. Because such speculative execution vulnerabilities can be exploited through the browser to steal security keys held in memory, they pose a serious security risk to users. Chrome's site isolation places a website in a separate sandboxed process, so that even if an attacker successfully launches an attack, they cannot steal the user's data.

As a cross-platform browser, Google Chrome used this technology on various platforms, but site isolation itself consumes more memory. Consuming more memory or processor resources is relatively acceptable on the desktop, but on mobile platforms the hardware overhead is too large and can cause the device to become unresponsive. Even so, for security reasons the Chrome development team had previously deployed the technology without differentiating between platforms, which caused some trouble for Android users. Now, after a long period of development, Google is about to launch a separate isolation approach for the Android platform that maintains security while reducing resource consumption.

The Google Chrome team published a blog post saying that, starting with Chrome v77, it will provide an optimized form of site isolation for the Android platform to reduce resource consumption. Under Google's approach, an isolated process is used only when a website requires the user to enter an account password to log in, so that the user's private information is isolated from other processes. Websites that do not require a password login are placed in the same process. Chrome v77 has already been released, so Google has begun deploying this technology to users, and the feature is enabled on 99% of Android devices with more than 2 GB of memory.

However, users who want a high-security environment can manually enable chrome://flags/#enable-site-per-process to use the previous site isolation technology. In addition, the new version improves the isolation technology in the desktop version of Google Chrome, and the various types of code in the tab can be escaped to prevent hidden network attacks.

Via: bleepingcomputer