If you need more information about Spectre and Meltdown you can read this article at DroidViews. Essentially, Spectre affects all CPUs while Meltdown is limited to Intel CPUs. Spectre is harder to fix but fortunately, it is also harder to exploit. Meltdown, on the other hand, is not as hard to fix nor as hard to exploit. The most basic security defense that a computer offers is that it isolates untrusted programs from accessing other processes on the computer. It also prevents them from accessing the deepest layers of the computer’s operating system where its most sensitive secrets are kept. Things like private files, passwords, or cryptographic keys are thus protected, or so everyone thought.
These new flaws mean any hacker could run code on a target computer through the Internet and break isolation. There is a lot of jargon around on the Internet but perhaps this image below says it the best.
Google’s Strict Site Isolation is not yet enabled for Chrome 63 but it will be in Chrome 64. This is because it is “highly experimental” for now. You can enable it using Chrome flags in Chrome 63 which is currently the latest version of Chrome. According to Google, “When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites”.
In other words, Strict Site Isolation, when enabled, runs each website in an isolated process that is separate from other browser processes. These separate processes are limited to the website which not only means increased security but also stability. Each website runs in what’s essentially a sandbox environment and cannot access any other data on your computer or your browser even. If a tab or website crashes it won’t take down the entire window with it either. That all sounds good but enabling this feature also increased the average memory consumption of Chrome by 10% to 20%.
Enable Strict Site Isolation
- Open Chrome.
- Type chrome://flags in the address bar and hit the Enter key.
- Type enable-site-per-process in the search bar or use Chrome’s Find in page function by pressing Ctrl + F and search for Strict Site Isolation.
- Click on the Enable button next to Strict Site Isolation and then click on the Relaunch Now button that appears.