Internet search giant Google hopes to mitigate the number of malicious websites attacking Google Chrome users through a new robust security feature.
Google on Wednesday, July 11 announced the pilot release of Site Isolation on the state build of the Chrome browsers (Chrome 67) for Windows, Mac, Linux, and Chrome OS. Amid the new attack of the Spectre CPU vulnerability, the Mountain View-based tech giant is looking into taking the edge off stealing data which has been a hot commodity among cybercriminals.
Site Isolation is not entirely new. In fact, it has been under experiment since Chrome 63 which users can toggle on by choice. After it has proven to resolve issues, Google has made it available by default so desktop Chrome users get an added layer of protection from cyberattacks. Site Isolation will soon be available by default on Chrome for Android apps.
New security feature in Chrome 67 on desktop: Site Isolation ?
— Chrome Developers (@ChromiumDev) July 11, 2018
What is it? Why is it necessary? Why should web developers be aware of it?@mathias explains: https://t.co/HvZ3cQbhyK
In January, Google Project Zero revealed a series of speculative execution side-channel attacks which later came to the public's knowledge as Spectre and Meltdown. These vulnerabilities are known to steal sensitive data, like credit card details, passwords, email address, cookies, and other encryption credentials, while a subject browser remains open.
In May, another strain of Spectre was discovered targeting CPUs to access restricted parts of shared memory and steal data stored therein. The act of theft can be done successfully through performance enhancements features like pop-ups and iframes.
With Site Isolation, Spectre will be cut access to the shared memory as the content from a website's domain is securely put through a process that runs in a sandbox. If Spectre has no access, it can't filch anything.