Google: Chrome now protects you from Spectre password-stealing attacks

Chrome 67 Site Isolation keeps Spectre attacks at bay

Users may think the increased RAM usage is a bug, but it is actually caused by a new feature that launched in Google Chrome 67.

Google Chrome might be the most popular browser in the world, but it has historically been rather memory hungry, especially when you've got multiple tabs open. The new feature, Site Isolation, looks to improve stability while making the browser more resistant to attacks such as Spectre. As a result, a page located at arstechnica.com that embeds ads from doubleclick.net will load content into two separate renderer processes, one for each domain.

All this sounds good, but it comes at a cost. Google's own benchmarks saw memory usage increase by about 10%-13% on the desktop with Site Isolation enabled. Some of the performance hit can be offset by smaller and shorter-lived renderer processes.

Google has confirmed that the latest version of the browser now includes browser-side site isolation fixes to mitigate the Spectre vulnerability inherent in most modern CPUs.

Google claims to have enabled this safeguard for 99% of Chrome users on Windows, Mac, Linux, and Chrome OS. It has held back one percent to monitor performance.

Site Isolation was enabled by default on desktops with the release of Chrome 67, at the end of May, as previously reported.

The mitigation is an impressive engineering feat designed to lessen the damage of attacks that exploit a new class of vulnerability that came to light in January.

According to Google engineer Charlie Reis, a website could use an attack like this to steal information from other websites, which violates the Same Origin Policy.

Site Isolation is a significant change to Chrome's behavior under the hood, but it generally shouldn't cause visible changes for most users or web developers (beyond a few known issues). By separating renderer processes by site, Chrome can prevent pages from directly reading memory across processes, and utilize the built-in operating system protections against Spectre (which still isn't very clear). Processes are split by site rather than by subdomain: https://google.co.uk would be a site, and subdomains like https://maps.google.co.uk would stay in the same process. You could also start Chrome with the --site-per-process command-line flag, but that's a lot of work.

"It was still possible for an attacker's page to share a process with a victim's page".

With Site Isolation, a single page may now be split across multiple renderer processes, preventing bad sites from snooping on legitimate ones. Without it, content from different sites could share a process, a setup that could theoretically allow a Spectre exploit to read data belonging to other domains on the page, like your passwords or browser cookies. Site Isolation also means all cross-site iframes are put into a different process than their parent frame, using "out-of-process iframes".
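A simplified model of the per-site process split described above, added here as an illustration and not Chrome's own code. It treats a site as the scheme plus registrable domain and uses a small constructed suffix list in place of the full Public Suffix List; the names `siteOf` and `assignProcesses` and the sample frame URLs are assumptions.

```javascript
// Simplified model of Site Isolation's process split for a single page.
// Constructed stand-in for the Public Suffix List (real browsers use the full list).
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "uk", "co.uk"]);

// Site = scheme + registrable domain (public suffix plus one label).
function siteOf(urlString) {
  const url = new URL(urlString);
  const labels = url.hostname.split(".");
  // Scanning left to right tries the longest candidate suffix first.
  for (let i = 1; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return `${url.protocol}//${labels.slice(i - 1).join(".")}`;
    }
  }
  // No known suffix (localhost, IP address): use the whole host.
  return `${url.protocol}//${url.hostname}`;
}

// Give each site on the page its own renderer process. A frame whose site
// differs from its parent's becomes an out-of-process iframe.
function assignProcesses(frames) {
  const processBySite = new Map();
  return frames.map((frame) => {
    const site = siteOf(frame.url);
    if (!processBySite.has(site)) processBySite.set(site, processBySite.size + 1);
    const parentSite =
      frame.parent === null ? null : siteOf(frames[frame.parent].url);
    return {
      url: frame.url,
      site,
      process: processBySite.get(site),
      outOfProcess: parentSite !== null && parentSite !== site,
    };
  });
}

// Constructed page: an arstechnica.com document embedding a doubleclick.net
// ad frame and a same-site subdomain frame. `parent` is an index into the list.
const samplePage = [
  { url: "https://arstechnica.com/story", parent: null },
  { url: "https://ad.doubleclick.net/banner", parent: 0 },
  { url: "https://cdn.arstechnica.com/widget", parent: 0 },
];
console.log(assignProcesses(samplePage));
```

The ad frame lands in its own process, while the subdomain frame stays with the main document because both share one site.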

Google said it's been working on this for several years, independently of Spectre, so the inclusion of Site Isolation was inevitable.

While that's great, the fact that Chrome now uses even more RAM isn't great news to owners of older computers, which may not have enough RAM to spare. "This significantly reduces the threat posed by Spectre".
