Site Isolation
News | 07/12/2018

“Site Isolation” Feature enabled by Google for 99% of Chrome Desktop Users

About: Site Isolation is a security feature in Chrome's architecture that was implemented in December 2017 in Chrome version 63 but was optionally available as an experimental enterprise policy. With Chrome version 67 the feature is enabled...

When most web browsers were first designed, web pages were simple and were therefore rendered in a single process to keep resource usage low.

However, as technology has grown, there has been a significant shift towards active web page content. From JavaScript, used to make web pages interactive and create richer user interfaces with reduced server load, to Flash, a technology used by Adobe to show animation on web pages, web pages nowadays are full of “web apps”. Browsers that keep all the running apps in one process may face real challenges related to security, responsiveness and robustness.

Disadvantages of browsers running in the same process:

  1. If one web app crashes, it will take the entire web browser with it, including all the web apps that are open.
  2. Web apps have to compete for CPU time on a single thread, rendering the browser unresponsive at times.
  3. Some web pages may have malicious code embedded that may compromise the entire system.

Hence the browser must keep different apps isolated from each other to avoid any loopholes.

Google Chrome has always had a multi-process architecture, where different tabs are assigned different renderer processes.

This allows Google Chrome to have its own Task Manager that lets you track the resource usage of each web app and plug-in rather than the entire browser as a whole. It also enables you to kill the process of any web app that is not responding or appears malicious without having to restart the entire browser.


Also, when a given tab is navigated to a new site, it is switched to a different process.

Furthermore, the security policy ensured by legitimate and authenticated web pages allows users to visit the webpage without worrying about the security of the data and computer safety.

Vulnerability in Multi-Process Architecture:

Despite web apps being isolated from each other in separate processes, attackers have devised ways to make their malicious website share a process with the victim’s other web pages.

For example, cross-site iframes and cross-site pop-ups, which allow an external web page to be embedded anywhere within a web page layout for purposes such as online advertising and multimedia, typically stay in the same process as the page that created them. This would allow a successful Meltdown & Spectre attack to read data (e.g., cookies, passwords, etc.) belonging to other frames or pop-ups in its process.

Meltdown & Spectre attacks, which exploit vulnerabilities in processors, could take advantage of cross-site iframes and cross-site pop-ups sharing a process, posing security risks for web browsers. Such attacks could be used to steal login information or confidential data from other websites that are open in the browser.

Google’s Site Isolation feature

To combat this vulnerability in the multi-process architecture, Google has announced a security feature called Site Isolation for Chrome version 67 and above on Windows, Mac, Linux and Android OS.

Site Isolation allows splitting the code of each domain into a separate process.

However, the sub-domains within the site would stay in the same process. For instance, https://google.co.uk would be a site or a main domain, and sub-domains like https://maps.google.co.uk would stay in the same process.

Hence, all navigations to cross-site documents and cross-site iframes are put into a different process, using “out-of-process iframes”. Any attack that occurs on a malicious web page is therefore limited to its own process, because data from other sites is not loaded into that process. This does not allow the data from the other sites to be compromised.
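The process assignment described above, as an added example (not Chrome's code): it treats a site as the scheme plus the registrable domain, which is an assumption beyond the page's wording, and uses a small constructed suffix set in place of the full Public Suffix List. All function names are hypothetical.

```javascript
// Constructed stand-in for the Public Suffix List (assumption: real code uses the full list).
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk"]);

// Site key = scheme + registrable domain (public suffix plus one label).
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  // Walk from the longest candidate suffix to the shortest.
  for (let i = 1; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return `${protocol}//${labels.slice(i - 1).join(".")}`;
    }
  }
  return `${protocol}//${hostname}`; // no known suffix: the host is its own site
}

// Give every distinct site its own renderer process number.
function assignProcesses(frameUrls) {
  const processOfSite = new Map();
  return frameUrls.map((url) => {
    const site = siteOf(url);
    if (!processOfSite.has(site)) processOfSite.set(site, processOfSite.size + 1);
    return { url, site, process: processOfSite.get(site) };
  });
}

// Frames that must become out-of-process iframes: site differs from the top frame.
function outOfProcessIframes(topUrl, iframeUrls) {
  const topSite = siteOf(topUrl);
  return iframeUrls.filter((url) => siteOf(url) !== topSite);
}

// Constructed sample: one top-level page and the iframes it embeds.
const top = "https://google.co.uk/";
const iframes = [
  "https://maps.google.co.uk/embed", // sub-domain: same site, same process
  "https://ads.example.com/banner",  // cross-site: separate process
  "http://google.co.uk/legacy",      // different scheme: separate process
];
for (const f of assignProcesses([top, ...iframes])) {
  console.log(`process ${f.process}  ${f.site}  ${f.url}`);
}
console.log("out-of-process iframes:", outOfProcessIframes(top, iframes));
```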

Splitting a single page across multiple processes is a major change to Chrome’s architecture.

Site Isolation has been optionally available since Chrome 63 as an experimental enterprise policy, but by default this feature was disabled. Users had to manually enable this feature by changing the Chrome flag in their browsers.

Steps to enable the Site Isolation feature:

Method 1: Via Chrome Flag

  1. Type chrome://flags in the address bar and press Enter.
  2. Scroll down the page and find “Strict site isolation”. Select Enable from the drop-down.
  3. Restart the Chrome browser.

Method 2: Via Command Line Flag

  1. Find your Google Chrome icon/shortcut and right-click on it.
  2. Select Properties from the drop-down menu.
  3. Select the Shortcut tab.
  4. In the Target field, add the following text “--site-per-process” at the end of the shortcut path and click on the Apply button.

The feature is now enabled by default for 99% of the Chrome desktop user base, and Android will follow soon.

However, these changes come with a performance trade-off. The increase in the number of processes has an impact on memory consumption, which increases by 10-13%. To overcome this, Chrome is planning to re-enable precise timers and features like SharedArrayBuffer that were disabled to combat Spectre and Meltdown attacks initially.

 
