Google Chrome’s ‘Site Isolation’ to secure web domain’s snooping on each other!
Each time a user visits a new domain, the Google Chrome web browser creates a new process for the web page. This sandboxing is done to stop each process from interfering with one other. This Process is termed as site isolation and is a security feature that has been recently added in the Chrome web browser by Google.
This Feature was added in Chrome 63 and users could enable it manually by changing a Chrome flag.
Google took this step to address the flaws of security rules enforced by the Same Origin Policy. If allowed to access each other’s data inside the web browser, the malicious sites can steal data from other sites.
Site isolation has been enrolled out this year in Chrome 67 and is automatically enabled for better protection. Site isolation was a major architecture change in Chrome. It was prompted by the security scare caused by Meltdown and Spectre security bugs. Site isolation plays a major role in reducing the amount of valuable cross-site information in a web page’s process.
Site isolation provides protection against universal cross-site scripting (UXSS) which is a type of a web browser security bug. If left unchecked, the attacker is able to access the information on the web page by bypassing the Same Origin Policy.
Project Fission by Mozilla
Mozilla started work on a similar project in April that has features like the Site isolation project by Google. This Plan was named as Project Fission.
Mozilla has already rolled out Electrolysis, a project that implemented Firefox from a single-process app to a multi-process app. Mozilla is still working on project fission and it is still in its early stages.
Firefox currently works on creating a multiple page rendering process by creating one GUI process. Firefox is now a multi-process architecture but it is still tied down by a maximum number of rendering processes it can create.
Firefox has adhered to the limit of a maximum number of rendering processes to keep the RAM usage in check. This is done because new processes start taking up more memory and hog system resources.
It seems easy to switch to per domain/process but the main hurdle is to keep down the RAM usage which makes it harder to implement practically.
Will Mozilla be able to reduce each process to 7 MB?
Mozilla has started work on keeping down memory usage and improve its performance. Mozilla started a new side project within Project Fission called Fission MemShrink. The Sub-project Fission MemShrink focuses on improving the RAM usage by Firefox.
The Fission MemShrink project requires a Company and Community Wide effort to improve the memory usage and attain their goal of shaving off 7 MB per process.
With around 100 processes running, in an average Firefox session, each process creates its own memory overhead, not based on what is being run on the process. In an ideal Fission project, if each process ends up using 10 MB then they would be able to keep the memory overhead below 1 GB.
At the moment, Windows 10 is somewhere between 17 and 21 MB, Linux and OS-X are between 25 and 35 MB. This totals to around 2 to 3.5 GB of total RAM usage in each session.
Cutting down 7MB is a hard target to achieve but Mozilla engineers are working hard to reduce the RAM usage of each process. They might not be able to achieve the targeted 7 MB but whatever they achieve will be a help to reduce RAM usage overall.
Hits: 266
Home
