This week, Google said that the site isolation technologies it has had to add to its Chrome web browser to mitigate the Spectre processor vulnerability come with a 10 to 13 percent increase in memory usage. This is bad news, especially for those who feel that Chrome already uses too much RAM.
“Site Isolation is a significant change to Chrome’s behavior under the hood, but it generally shouldn’t cause visible changes,” Google’s Charlie Reis explains. “Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: There is about a 10-13 percent total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure.”
As I’m sure you know, Intel belatedly disclosed—and understated the severity—of two major processor vulnerabilities called Spectre and Meltdown in January. In the ensuing mess that occurred, Microsoft and other software platform makers pledged to help Intel distribute patches for these vulnerabilities to users. And Intel claims that future generation chips will be “immune” to this kind of attack.
As a major platform maker in its own right, Google is likewise working to mitigate Spectre and Meltdown in its own products, including Chrome, which is the basis for Chrome OS. With Chrome 67, Google added a feature called site isolation that “improves security and helps mitigate the risks posed by Spectre,” and it is now enabled by default across Windows, Mac, Linux, and Chrome OS.
Google promises other improvements to site isolation that will help mitigate attacks beyond Spectre. But this marks the first time that the firm has admitted to the cost of its current fix.
“Site Isolation is a large change to Chrome’s architecture,” Reis says. “In Chrome 67 … even if a Spectre attack were to occur in a malicious web page, data from other websites would generally not be loaded into the same process, and so there would be much less data available to the attacker. This significantly reduces the threat posed by Spectre.”
<p>spectre mitigation… yes yes yes…sure sure sure</p>