Published: Sun, July 15, 2018
Industry | By Dora Warner

Chrome uses more RAM thanks to Spectre vulnerability fixes

Chrome uses more RAM thanks to Spectre vulnerability fixes

Version 67 of Google Chrome enabled site isolation by default in an effort to protect users against Spectre-based attacks.

The specific risk for browsers caused by Spectre is that a an attack can use CPU speculative execution to access normally protected parts of memory, allowing bad code to read any memory in its process' address space. Canary is an early-release, experimental version of Google's web browser Chrome that has the latest features in development.

The company reiterates in this blog post that following this update, RAM usage for Chrome across Chrome OS, Windows, and Mac will be increased but it won't let users keep up with that forever. Google's Site Isolation prevents data from multiple sites to be loaded in the same process.

See how a website is rendered using multiple processes to better isolate potentially damaging data from your private data
See how a website is rendered using multiple processes to better isolate potentially damaging data from your private data?Image Google

Google is promising to continue working on reducing the overhead that Site Isolation tech introduces for Chrome users.

Site Isolation has also been created to include a feature called Cross-Origin Read Blocking (CORB), which tries to transparently block cross-site HTML, XML, and JSON responses from the renderer process, so that an attacker's page can't access and leak information from cross-site URLs by requesting them as subresources (e.g., images or scripts).

Google, however, believes something called Site Isolation is the best way to protect you from Spectre. Now, Chrome has changed how its multi-process architecture worked and different tabs used different render processes.

MacBook Pro keyboards may have gotten a secret upgrade
The move was surprising since many expected Apple to unveil the refreshed MacBook Pro lineup at its September iPhone event. For those of you that prefer to work on your MacBook Pro using an external monitor, this is good news.

While websites are generally not able to access stored data from other websites in the browser due to Chrome's Same Origin policy, the Site Isolation feature strengthens this protection by putting pages from different websites into different processes, which are sandboxed to limit what that process is capable of doing. Google is planning to enhance an update on Site Isolation to further update online security for the much-loved Google Chrome.

While the additional security offered by Site Isolation will be welcomed, the performance hit and requirement for more resources are going to be less well-received - particularly given Chrome's RAM-gobbling reputation.

"This means all navigations to cross-site documents cause a tab to switch processes".

Wimbledon’s record match prompts call for change
The 6-foot-10 tower bagged his biggest career title at the Miami Open, one of the most prestigious non-major tournaments. The five-set thriller ended with Djokovic registering a victory with the scoreline 6-4, 3-6, 7-6 [11-9], 3-6, 10-8.

Spectre and Meltdown are vulnerabilities on all machines that run Intel and AMD chips. That's good advice for using Chrome in general, but it's also easier said than done when you've got the entirely of the internet at your fingertips.

It should be noted that this isolation is not new - it was submitted in December 2017 63 in Chrome, but then the users had to enable it manually.

Cops accused of using app to decide on arrest in Georgia
So Brown opened a coin flip app on her phone. "Yeah", said Brown. "So released". "This is tail right?" an officer is heard saying. The other officer responds, "Yeah, so release?" followed by the first officer saying "23".

Like this: