Google has announced a strengthening of "Site Isolation" in Chrome, the mode that renders pages from different sites in separate, isolated processes. Site-level isolation protects the user from attacks carried out through third-party content embedded in a site, such as iframes, and blocks data leakage when a malicious site embeds legitimate content from another site.
When renderer processes are partitioned by site (domain), each process holds data from only one site, which makes attacks aimed at capturing data across sites much harder. In the desktop versions of Chrome, per-site rather than per-tab process separation has been enabled since Chrome 67. In Chrome 77, a similar mode was activated for the Android platform.
To reduce the overhead, site isolation mode on Android is enabled only for sites where the user has logged in with a password.
Chrome remembers that a password was entered on a site and applies the protection to all subsequent visits to it. Protection is also applied immediately to a predefined list of sites popular with mobile users.
The selective activation and additional optimizations keep the growth in memory consumption caused by the larger number of running processes at an average of 3-5%, instead of the 10-13% observed when isolation is activated for all sites.
Site Isolation in Chrome to improve security
On the desktop version of Chrome, Site Isolation is now strengthened to counter attacks that aim to fully compromise the renderer process.
The improved isolation mode protects site data from two additional kinds of threat: data leaks through side channels such as Spectre, and leaks after a full compromise of the renderer process, i.e. successful exploitation of a vulnerability that gives control of the process but is not enough to bypass the sandbox. In Chrome for Android, this protection will be added later.
The essence of the method is that the browser (control) process remembers which site a renderer process is allowed to access and refuses access to other sites, even if an attacker gains control of the renderer and tries to request resources belonging to another site.
The restrictions cover authentication-related resources (stored passwords and cookies), data fetched directly over the network (HTML, XML, JSON, PDF and other file types, filtered and bound to the current site), data in client-side storage (localStorage), permissions granted to a site (microphone access, etc.) and messages sent through the postMessage and BroadcastChannel APIs.
All these resources are tagged with their site of origin, and the browser process checks the tag before handing them over in response to a request from a renderer process.
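As an added illustration of the "site" that these tags and checks are keyed on (example code, not Chrome's own), the snippet below derives the site key from a URL and models the browser-process decision for a renderer locked to one site. It assumes a site is scheme plus registrable domain (eTLD+1) and uses a constructed subset of the Public Suffix List so it runs offline.

```javascript
// Added example, not Chrome's own code: compute the "site" that Site Isolation
// keys processes and resource tags on, and simulate the browser-process check.
// Assumption: a site is scheme + registrable domain (eTLD+1), so port and
// subdomain are ignored but scheme is not. The public-suffix table is a
// constructed subset of the Public Suffix List, embedded so the example runs
// offline; a real implementation must use the full list.
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk", "io", "github.io"]);

// Registrable domain for a hostname: the longest matching public suffix plus
// one more label. IP literals and single-label hosts are returned unchanged.
function registrableDomain(host) {
  const h = host.toLowerCase();
  const labels = h.split(".");
  if (labels.length < 2 || /^\d+(\.\d+){3}$/.test(h)) return h;
  for (let i = 1; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return labels.slice(-2).join("."); // unknown suffix: fall back to the last two labels
}

// The process/resource key: scheme plus registrable domain.
function siteKey(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

function sameSite(a, b) {
  return siteKey(a) === siteKey(b);
}

// Model of the check described above: a renderer locked to `lockedSite` asks
// the browser process for a resource tagged with the site of `resourceUrl`.
// The request is granted only when the tags match, so a compromised renderer
// cannot pull another site's cookies, storage or fetched documents.
function browserProcessAllows(lockedSite, resourceUrl) {
  return siteKey(lockedSite) === siteKey(resourceUrl);
}

// Constructed sample: two origins of one site, then a cross-site request.
console.log(sameSite("https://mail.example.com", "https://docs.example.com:8443")); // true
console.log(browserProcessAllows("https://example.com", "https://evil.example.org/steal")); // false
```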
Among other Chrome news, Google has also announced that Chrome will support scroll-to-text links, which allow linking to individual words or phrases without explicitly marking up the document with an "a name" anchor or an "id" attribute. The link syntax is planned for approval as a web standard and is still at the draft stage.
Another interesting upcoming change in Chrome is tab freezing: tabs that have been in the background for more than 5 minutes without doing anything significant are automatically unloaded from memory.
How to activate Site Isolation in Chrome?
The new isolation mode is activated for 99% of Chrome 77 users, including Android devices with at least 2 GB of RAM (for 1% of users the mode remains disabled in order to monitor performance).
If you want to enable this yourself (or disable it), you can toggle the feature manually through the chrome://flags/#enable-site-per-process setting.