Google Chrome prevents sites from launching Spectre-like attacks

Donna Miller
July 12, 2018

Google is working to optimize the security feature to keep Chrome both fast and secure and plans to add experimental enterprise policies for enabling Site Isolation in Chrome 68 for Android.

Google recently enabled a new security feature as part of Chrome 67 that aims to mitigate speculative execution side-channel attacks like Spectre.

This flaw matters more for browsers because they run JavaScript code from multiple websites, often in the same process, which could allow a website to use such an attack to steal information from other websites.

Assuming you have a ton of tabs open already, you can open up Google Chrome's Task Manager (Under Menu - More Tools) and look for processes that say "Subframe:" and show a URL that is clearly not something you're browsing directly-for instance doubleclick.net or 2mdn.net, which are iframes for ads.

The Spectre attacks, which were made public in January, effectively allow malicious code to read any memory in a process's address space. "Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: There is about a 10-13 percent total memory overhead in real workloads due to the larger number of processes". A given tab could even switch processes when navigating to a new site in some cases.

'FBI lovers' lawyer refuses to testify on alleged anti-Trump bias
Jeffress also said Page had been attempting to access documents at the Federal Bureau of Investigation to prepare for the hearing. Michael Flynn, who briefly served as Trump's national security advisor, pleaded guilty to lying to investigators.

"It was still possible for an attacker's page to share a process with a victim's page".

The feature "generally" shouldn't break legitimate site behavior. You might need to consider using a tab manager extension. This would normally fail to render and not expose the data to the page, but that data would still end up inside the renderer process where a Spectre attack might access it. CORB tries to transparently block cross-site HTML, XML, and JSON responses from the renderer process, with nearly no impact to compatibility.

Reis said it generally shouldn't cause visible changes for most users or web browsers outside of a few known issues but still, that's a significant performance penalty, especially on a machine that may already be light in terms of RAM.

While Spectre is more hard to exploit than Meltdown, it is also more hard to patch. To date, most others have disabled the same types of precise timers as Chrome. If Google's site isolation works as designed, it goes much further by preventing the mingling of data from different domains in the first place. However, neither Mozilla nor Microsoft provided any indication when or if site isolation may be coming to Firefox, Edge, or Internet Explorer.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER