Latest in Gear

Image credit: Jon Fingas/Engadget

Google Chrome prevents sites from launching Spectre-like attacks

Site isolation is the law of the land as of Chrome 67.
270 Shares
Share
Tweet
Share
Save
Jon Fingas/Engadget

If you're using Chrome, you now have fewer reasons to worry about Spectre-style security threats. Google has revealed that Chrome 67 for desktop and the matching Chrome OS release enable a previously experimental Site Isolation feature that reduces the chances of intruders using speculative execution side-channel attacks like Spectre. The technique limits the web renderer process to content from a single site, preventing an attacker's page from sharing malicious code through an innocent page (say, though cross-site pop-ups or remotely stored scripts). In theory, sinister types can't swipe passwords or other sensitive data while you're visiting otherwise innocuous sites.

The feature "generally" shouldn't break legitimate site behavior. It will, however, put extra strain on your system. Google believes there's a 10 to 13 percent memory overhead compared to earlier versions since it'll need to run processes for each site.

The company promises "additional security checks" in the future, including safeguards when an attack has already been compromised. Mobile users will have protections, too, with Chrome 68 for Android will adding an experimental Site Isolation flag. These initiatives don't guarantee that you'll be immune to Spectre and its kind, but they should cut off some of the more obvious avenues for stealing your info.

From around the web

ear iconeye icontext filevr