Mitigating Spectre with Site Isolation in Chrome

Posted by cageymaru 4:17 PM (CDT)

Thursday July 12, 2018

The Google Security Blog has showcased a newly enabled Chrome feature that helps to protect against speculative execution side-channel attacks like Spectre. Site Isolation limits each renderer process to documents from a single site. To put this in context, Chrome previously allowed cross-site popups and iframes to remain in the same process as the page that created them. The cost of this enhanced security is 10% to 13% more memory usage.
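To make the process-boundary point concrete, here is an added example (not code from the article or from Chrome) that simulates renderer-process assignment with and without Site Isolation. It assumes Chrome's notion of a "site" as scheme plus registrable domain (eTLD+1), uses a constructed, abbreviated public-suffix table, and models one process per site; the URLs are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed, abbreviated public-suffix table for this example only;
# a real implementation would consult the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "co.uk", "github.io"}


def site_for(url: str) -> str:
    """Return the site key (scheme + registrable domain) that decides
    which documents may share a renderer process under Site Isolation."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    labels = host.split(".")
    # Find the longest known public suffix; the label before it is the
    # registrable domain (eTLD+1).
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return f"{parts.scheme}://{host}"  # host is itself a suffix
            return f"{parts.scheme}://{labels[i - 1]}.{suffix}"
    return f"{parts.scheme}://{host}"  # no known suffix, e.g. localhost


def assign_processes(tabs, site_isolation: bool):
    """Simulate renderer-process assignment.

    tabs: list of (top_document_url, [embedded_frame_urls]).
    Without Site Isolation a tab is one process and its iframes share it;
    with Site Isolation every document is keyed by site, so a cross-site
    iframe is placed in a different process from its embedder.
    Returns {document_url: process_id}.
    """
    process_of, site_to_pid, next_pid = {}, {}, 1
    for top_url, frames in tabs:
        for url in [top_url] + frames:
            if site_isolation:
                key = site_for(url)
                if key not in site_to_pid:
                    site_to_pid[key] = next_pid
                    next_pid += 1
                process_of[url] = site_to_pid[key]
            else:
                process_of[url] = next_pid
        if not site_isolation:
            next_pid += 1
    return process_of


def shares_process(assignment, url_a, url_b) -> bool:
    """True when an in-process read (the Spectre threat model) from url_a
    could reach memory belonging to url_b."""
    return assignment[url_a] == assignment[url_b]
```

The third-party frame ends up in its own process only in the isolated model, which is exactly the memory that speculative-execution reads can no longer reach.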

It is good to see enhanced security features being enabled in Chrome, but I've been fighting the extra memory usage while doing the news. I'm glad to see that the Google Chrome development team is optimizing this new feature and porting it to Android.

In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. These attacks use the speculative execution features of most CPUs to access parts of memory that should be off-limits to a piece of code, and then use timing attacks to discover the values stored in that memory. Effectively, this means that untrustworthy code may be able to read any memory in its process's address space.