Chrome 67 update enables Site Isolation by default
Google has added Site Isolation by default to the latest version of Chrome, in order to further protect against Spectre attacks.
Security measures have been put in place for all desktop users who have updated to Chrome 67, the internet giant announced, as the widespread bug continues to threaten computer users.
The new feature aims to prevent against an attack by an actor exploiting Spectre, a computer chip vulnerability which performs speculative execution side-channel attacks to steal otherwise protected data.
With Site Isolation enabled, Chrome renders content for each open website in a separate process, isolated from other websites.
It was also designed to include Cross-Origin Read Blocking (CORB), which attempts to block cross-site HTML, XML, and JSON responses during rendering.
This makes it harder for a malicious actor to use the Spectre flaw to access information.
Google engineer Charlie Reis explained in a blog post: “These attacks use the speculative execution features of most CPUs to access parts of memory that should be off-limits to a piece of code, and then use timing attacks to discover the values stored in that memory.
“Effectively, this means that untrustworthy code may be able to read any memory in its process' address space.
“This is particularly relevant for web browsers, since browsers run potentially malicious JavaScript code from multiple websites, often in the same process.
“In theory, a website could use such an attack to steal information from other websites, violating the Same Origin Policy.”
Google’s new security feature is enabled on Windows, Mac, Linux, and Chrome OS.
The addition is just the latest security feature Google has rolled out for Chrome, after previously incorporating an antivirus engine, and an adblock feature.
