Google Tips Tutorials

Enable Strict Site Isolation in Chrome for Some Extra Protection

enable strict site isolation'
Written by Vivek

2017 was a seemingly amazing year for the tech industry but it left with some bittersweet memories. First, Apple was caught doing its shady stuff and then it was Intel’s turn. More specifically, Intel CPUs have a common flaw that can be exploited. A potential attacker wouldn’t even need physical access to your computer in this case. It can be done using Javascript that runs on your web browser. It’s not as easy but in theory, if you were to bounce onto a website that runs such javascript on your browser things could get worse. This is why Mozilla has recently sent out updates to its Firefox Quantum web browser blocking certain javascript. It seems Google could also be working on a fix called Strict Site Isolation.

If you need more information about Spectre and Meltdown you can read this article at DroidViews. Essentially, Spectre affects all CPUs while Meltdown is limited to Intel CPUs. Spectre is harder to fix but fortunately, it is also harder to exploit. Meltdown, on the other hand, is not as hard to fix nor as hard to exploit. The most basic security defense that a computer offers is that it isolates untrusted programs from accessing other processes on the computer. It also prevents them from accessing the deepest layers of the computer’s operating system where its most sensitive secrets are kept. Things like private files, passwords, or cryptographic keys are thus protected, or so everyone thought.

These new flaws mean any hacker could run code on a target computer through the Internet and break isolation. There is a lot of jargon around on the Internet but perhaps this image below says it the best. enable strict site isolation

Google’s Strict Site Isolation is not yet enabled for Chrome 63 but it will be in Chrome 64. This is because it is “highly experimental” for now. You can enable it using Chrome flags in Chrome 63 which is currently the latest version of Chrome. According to Google, “When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites”.

In other words, Strict Site Isolation, when enabled, runs each website in an isolated process that is separate from other browser processes. These separate processes are limited to the website which not only means increased security but also stability. Each website runs in what’s essentially a sandbox environment and cannot access any other data on your computer or your browser even. If a tab or website crashes it won’t take down the entire window with it either. That all sounds good but enabling this feature also increased the average memory consumption of Chrome by 10% to 20%.

Enable Strict Site Isolation

  1. Open Chrome. enable strict site isolation
  2. Type chrome://flags in the address bar and hit the Enter key.
  3. Type enable-site-per-process in the search bar or use Chrome’s Find in page function by pressing Ctrl + F and search for Strict Site Isolation. enable strict site isolation
  4. Click on the Enable button next to Strict Site Isolation and then click on the Relaunch Now button that appears.