Google has secretly enabled a security feature called Site Isolation for 99% of its desktop users on Windows, Mac, Linux, and Chrome OS. This happened in Chrome 67, released at the end of May.
Site Isolation isn’t a new feature per se, having first been added in Chrome 63, in December 2017. Back then, it was only available if users changed a Chrome flag and manually enabled it in each of their browsers.
The feature is an architectural shift in Chrome’s modus operandi because, when Site Isolation is enabled, Chrome runs a separate process for each Internet domain.
Site Isolation put on the fast track after Meltdown and Spectre
Initially, Google described Site Isolation as an “additional security boundary between websites,” and as a way to prevent malicious sites from messing with the code of legitimate sites.
Google’s slow-moving plans towards Site Isolation’s rollout changed a month after its launch, in January 2018, when the Meltdown and Spectre vulnerabilities were disclosed to the public.
From an experimental project that had been in the works for several months, Site Isolation became Chrome’s primary defense against Meltdown and Spectre attacks.
Ever since January, Google has been slowly enabling Site Isolation by default for more and more users, testing how it affected the browser’s performance.
Splitting the code of each domain into a separate process takes a heavy toll on Chrome and the underlying OS. According to Google, this impact is “about a 10-13% total memory overhead in real workloads due to the larger number of processes.”
But Google engineers seem to be OK with this performance overhead, as a trade-off for the improved security.
The feature is now enabled by default for 99% of Chrome’s desktop user base, and Android will follow soon. Site Isolation is supported in Chrome for Android, but it’s still disabled by default and hidden underneath the chrome://flags/#enable-site-per-process flag.
Google rolling back other Meltdown and Spectre mitigations
Google says that, by enabling Site Isolation for the vast majority of Chrome users in v67, its engineers can now roll back some of the other Meltdown and Spectre mitigations they added to Chrome. Those mitigations also had a negative performance impact and are no longer needed.
“We are planning to re-enable precise timers and features like SharedArrayBuffer (which can be used as a precise timer) for desktop,” Google said.
With Site Isolation enabled, such attacks aren’t possible because each site runs in a separate browser process which contains data from one site alone, and not from multiple sites at once, as Chrome used to do before Site Isolation. Furthermore, Site Isolation also destroys a site’s process and creates a new one if a user navigates to a different site inside the same tab, keeping isolation at the site level and not at the tab level, as its name implies.
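To make the site boundary described above concrete, here is a small added example (written for this page, not Chrome’s own code) that models how Chrome keys processes. Chrome groups documents by “site”, meaning the URL scheme plus the registrable domain (eTLD+1), so subdomains of one registrable domain share a process while different registrable domains, or the same domain over http versus https, do not. The PUBLIC_SUFFIXES table is a constructed stand-in for the real Public Suffix List, and the IsolatedBrowser class is a deliberately simplified model of the per-tab navigation behaviour the article describes.

```javascript
// Added example: a toy model of Site Isolation's process assignment.
// Constructed stand-in for the Public Suffix List (real Chrome consults the full list).
const PUBLIC_SUFFIXES = new Set(['com', 'org', 'net', 'co.uk', 'github.io']);

// Return the site key for a URL: "<scheme>//<registrable domain>".
// Longest matching public suffix wins; the site is that suffix plus one more label.
function siteForUrl(urlString) {
  const url = new URL(urlString);
  const labels = url.hostname.split('.');
  for (let i = 1; i < labels.length; i++) {
    const suffix = labels.slice(i).join('.');
    if (PUBLIC_SUFFIXES.has(suffix)) {
      return `${url.protocol}//${labels.slice(i - 1).join('.')}`;
    }
  }
  // No known suffix (e.g. "localhost"): the whole host name is the site.
  return `${url.protocol}//${url.hostname}`;
}

// True when two URLs may be rendered in the same process under Site Isolation.
function canShareProcess(urlA, urlB) {
  return siteForUrl(urlA) === siteForUrl(urlB);
}

// Simplified browser: each tab holds one document; a process belongs to one site.
class IsolatedBrowser {
  constructor() {
    this.nextPid = 1;
    this.tabs = new Map(); // tabId -> { site, url, pid }
  }

  // Navigate a tab. Same-site navigation keeps the process; cross-site
  // navigation drops it and allocates a fresh one, so data from the
  // previous site never lives in the new site's process.
  navigate(tabId, urlString) {
    const site = siteForUrl(urlString);
    const tab = this.tabs.get(tabId);
    if (tab && tab.site === site) {
      tab.url = urlString;
      return tab.pid;
    }
    const pid = this.nextPid++;
    this.tabs.set(tabId, { site, url: urlString, pid });
    return pid;
  }

  pidOf(tabId) {
    return this.tabs.get(tabId).pid;
  }
}

// Usage: walk one tab through same-site and cross-site navigations.
const browser = new IsolatedBrowser();
for (const u of ['https://example.com/', 'https://shop.example.com/cart', 'https://example.org/']) {
  console.log(`${u} -> site ${siteForUrl(u)} -> process ${browser.navigate(1, u)}`);
}
```

Run it with Node; the first two URLs land in the same process because they share the site https://example.com, and the third gets a new process because example.org is a different site, which is the per-site (not per-tab) behaviour the article describes.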
Re-enabling precise timers and access to the SharedArrayBuffer API isn’t expected to have a negative impact on Chrome users’ security, but will once again let web developers build more accurate web apps that handle real-time data.