The Spectre and Meltdown vulnerabilities, discovered earlier this year, caught everyone off guard, including hardware and software companies. Since then, several vendors have patched them, and today, Google Chrome implemented measures to protect the browser against Spectre. The exploit uses a feature found in most CPUs to access parts of memory that should be off-limits to a piece of code and potentially discover the values stored in that memory. Effectively, this means that untrustworthy code may be able to read any memory in its process’s address space. In theory, a website could use such an attack to steal information from other websites via malicious JavaScript code. Google Chrome is implementing a technique known as Site Isolation to prevent future Spectre-based attacks from leaking data.

What is Site Isolation and How Does it Work?

Site Isolation has the browser render the content of each open website in a dedicated process that is separated from other pages. For example, a domain such as https://google.co.uk and subdomains like https://maps.google.co.uk would stay in the same process, which wasn’t the case earlier. Historically, Chrome has used a multi-process architecture where different tabs could use different processes at the same time. A tab could even switch processes when navigating to a new site if needed. With Site Isolation enabled, each renderer process can contain documents from only one site, and navigations to cross-site documents cause a tab to switch processes. Google’s security blog elaborates on this:

"It also means all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.” Splitting a single page across multiple processes is a major change to how Chrome works, and the Chrome Security team has been pursuing this for several years, independently of Spectre. The first uses of out-of-process iframes shipped last year to improve the Chrome extension security model."

However, even with each renderer process being limited to a single site, there is still a chance that an attacker’s page could access and leak cross-site information by requesting it as a subresource such as an image or script. A page could try to request sensitive data as if it were an image or script, after which that data would sit in the attacker’s process and could be read via a Spectre attack.
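As an added illustration (not Chrome’s own code), the following JavaScript models the grouping rule described above: a "site" is the URL scheme plus its registrable domain, so subdomains such as maps.google.co.uk share a renderer process with google.co.uk while unrelated sites get separate ones. It assumes a small hand-built subset of public suffixes in place of the full Public Suffix List that Chrome consults; `registrableDomain`, `siteKey`, `assignProcesses` and `canShareProcess` are names chosen here.

```javascript
// Constructed subset of the Public Suffix List (assumption: Chrome uses the
// real list; a handful of entries is enough to show the grouping behaviour).
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk", "github.io"]);

// Return the registrable domain (eTLD+1) of a hostname, e.g.
// "maps.google.co.uk" -> "google.co.uk". The longest matching suffix wins.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  let suffixLen = 0;
  for (let i = 1; i <= labels.length; i++) {
    const candidate = labels.slice(labels.length - i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) suffixLen = i;
  }
  // Unknown suffix, or the host is itself a public suffix: use the whole host.
  if (suffixLen === 0 || suffixLen >= labels.length) return labels.join(".");
  return labels.slice(labels.length - suffixLen - 1).join(".");
}

// The site key used to decide process placement: scheme + registrable domain.
// Ports and paths do not matter; IP literals are used verbatim.
function siteKey(urlString) {
  const url = new URL(urlString);
  const host = url.hostname;
  const isIpLiteral = /^[\d.]+$/.test(host) || host.startsWith("[");
  return `${url.protocol}//${isIpLiteral ? host : registrableDomain(host)}`;
}

// Simulate Site Isolation's placement: every site gets its own renderer
// process, and a process never holds documents from two different sites.
function assignProcesses(documentUrls) {
  const processes = new Map(); // siteKey -> list of document URLs
  for (const u of documentUrls) {
    const key = siteKey(u);
    if (!processes.has(key)) processes.set(key, []);
    processes.get(key).push(u);
  }
  return processes;
}

// True when two documents may legitimately share a renderer process.
function canShareProcess(urlA, urlB) {
  return siteKey(urlA) === siteKey(urlB);
}
```

Running `assignProcesses` over a tab's top-level document plus its cross-site iframes yields one entry per site, which is exactly the set of renderer processes Site Isolation would create for that page.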

With Site Isolation enabled, Chrome creates more renderer processes. Even if a Spectre attack were to occur in a malicious web page, data from other websites would not be loaded into the same process, resulting in much less data being available to the attacker. Site Isolation has been enabled for 99% of users on Windows, Mac, Linux, and Chrome OS, with the remaining one percent being held back to monitor the effects. The only tradeoff is that Chrome might use 10-15% more memory than it did earlier. Google also stated that Chrome for Android will get Site Isolation in a subsequent release. In Chrome 68 for mobile, you can manually enable Site Isolation via the “chrome://flags/#enable-site-per-process” flag.