In order to combat the newly discovered security risks for browsers by Spectre like attacks, Google has announced in its blog that Chrome 67 is gong to have a feature called "Site Isolation" on Windows, Mac, Linux and Chrome OS.
.svg/1200px-Google_Chrome_icon_(September_2014).svg.png){kind=icon} |
| Image Source: Wikipedia |
What are Spectre attacks you say? No, they are not attacks by Blofeld's organisation bearing the same name in the James Bond series. But they are just as malicious as they steal data or login information from other websites open in the Browser.
 |
Ernst Stavro Blofeld - Head of S.P.E.C.T.R.E. in the James Bond Series
Image Source: https://nerdist.com/
|
Google says in their Blog that this is phase one of their overall site isolation project and they will eventually roll out security updates that will protect against attacks beyond Spectre.
Let me try and explain the Site Isolation feature in as simple a way as possible. Please note that the following is an extreme simplification and there is actually much more to it.
So, here goes: Google Chrome always had the feature caused different tabs that you opened to be each handled by a different "Process".However, the Pop-ups emanating from a tab would share the Process with its Parent Tab. This meant that any malicious script running on the Pop-up would have access to the data of the Parent Tab.
After this update, all Pop-ups and windows emanating from any tab will be run separately in a different process. This means that even if a malicious script is run they will have no access to the Parent Page as it is being run on a completely different Process. Here is an illustration from Google's Blog to make things clearer:
 |
| Image Source : Google Blog |
As you might have guessed, this feature is definitely going to lead to more consumption of memory resources by the browser. Google declares that it is going to lead to a memory usage increase by 10-13%. Given the bad reputation of Chrome in this regard, that is not going to please a lot of users but Google does say that their team is working hard to optimize this feature.
Site Isolation will be available for 99% of users on Windows, Mac, Linux and Chrome OS. You read that right, it's not going to be available for users on Android yet. It's slated to be available for Android users on Chrome 68 where one would have to enable it manually.
Cash rewards are being offered Google to those who submit security bugs via the Chrome Vulnerability Reward Program.
Do leave your comments and reactions below.
Don't forget to subscribe by email if you want to be updated about the latest posts.
Don't forget to subscribe by email if you want to be updated about the latest posts.
No comments:
Post a Comment