2017 was a seemingly amazing year for the tech industry but it left with some bittersweet memories. First, Apple was caught doing its shady stuff, and then it was Intel’s turn. More specifically, Intel CPUs have a common flaw that can be exploited. A potential attacker wouldn’t even need physical access to your computer.
It can be done using Javascript that runs on your web browser. It’s not as easy but in theory, if you were to bounce onto a website that runs such javascript on your browser things could get worse. This is why Mozilla has recently sent out updates to its Firefox Quantum web browser blocking certain javascript. It seems Google could also be working on a fix called Strict Site Isolation.
Essentially, Spectre affects all CPUs while Meltdown is limited to Intel CPUs. Spectre is harder to fix but fortunately, it is also harder to exploit. Meltdown, on the other hand, is not as hard to fix nor as hard to exploit.
The most basic security defense a computer offers is that it isolates untrusted programs from accessing other processes on the computer. It also prevents them from accessing the deepest layers of the computer’s operating system where its most sensitive secrets are kept. Things like private files, passwords, or cryptographic keys are thus protected, or so everyone thought.
These new flaws mean a hacker could run code on a target computer and break isolation. There is a lot of jargon on the Internet but perhaps this image below says it the best.
Google’s Strict Site Isolation is not yet enabled for Chrome 63 but will be in Chrome 64. This is because it is “highly experimental” for now. You can enable it using Chrome flags in Chrome 63 which is currently the latest version of Chrome. According to Google, “When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites”.
In other words, Strict Site Isolation, when enabled, runs each website in an isolated process that is separate from other browser processes. These separate processes are limited to the website which not only means increased security but also stability. Each website runs in a sandbox environment and cannot access any other data on your computer or browser. If a tab or website crashes it won’t take down the entire window. That all sounds good but enabling this feature also increased the average memory consumption of Chrome by 10% to 20%.
Enable Strict Site Isolation
- Open Chrome.
- Type chrome://flags in the address bar and hit the Enter key.
- Type enable-site-per-process in the search bar or use Chrome’s Find in page function by pressing Ctrl + F and searching for Strict Site Isolation.
- Click the Enable button next to Strict Site Isolation and click the Relaunch Now button.
Read Next: Best Funny Websites to Kill Your Boredom