Google Chrome browser includes a security feature called Strict Site Isolation which hardens the security of Chrome browsers and can provide protection against some vulnerabilities. The feature is not enabled by default in Chrome 63 but will be enabled in Google Chrome 64. According to Google, “When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites”.
Browsers today are built on multi-process architecture. They make use of of memory protection, access control, speed, and security. Once the browser is, each browser tab is allocated a separate process so that the crash in one web page doesn’t damage other unrelated tabs running in parallel. In other words, it simply protects the integrity of the whole web browser. Using a separate process for browser tabs will provide a user with the benefit of protecting it from malfunctions.
Modern day browsers come with an additional layer of security to limit the damage that can be caused by attackers. It uses two processes called Browser process and Renderer process. The browser process manages the UI and tab of the browser and renderer processes are specific to the tab only. These renderer processes use open source tool engine for translating and laying out HTML. The renderer process and browser process communicate via Chromium IPC system to maintain the global state.
The Strict Site Isolation feature runs each website in its own isolated process and ensures that the processes are limited to the website which improves stability and security. Sometimes due to some security flaws, the malicious websites enter the other data inside the browser which may grant hackers access to your login credentials. Strict Site Isolation is additional security against such bugs. With this feature enabled, each website will run in a Sandbox, and the processes will be limited to that website solely.
This means the attackers won’t be able to interact with or steal the content from your accounts on other websites. Also crashing of one tab won’t take the entire Window with it. Site Isolation protects your browser against ransomware and other malware, and also control Spectre processor security vulnerabilities.
Strict Site Isolation feature was actually aimed at enterprises but can be used by anyone to add a new layer of security in the Chrome browser. While this feature will certainly help in hardening the security but will also increase the memory usage by approximately 10–20%. So if your computer RAM is already low, you might not want to try this feature.
Enable Strict Site Isolation in Chrome
Enable Strict Site Isolation via Chrome flags
- Open Chrome.
- Type chrome://flags in the address bar and hit the Enter key.
- Press Ctrl+F and look for Strict Site Isolation.
- Click Enable to turn the feature ON.
- As you click Enable, a Relaunch Now button will appear.
Relaunch Chrome to make the changes take effect. The browser will relaunch with all your tabs open.
Enable Strict Site Isolation by changing the Target
Right-click the Chrome icon and select Properties.
Under the Shortcut tab, in the ‘Target’ field, paste ‘–site-per-process’ after the quotation marks with space.
So the target should now appear as:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --site-per-process
Now use this shortcut or icon to launch Chrome browser.
Strict Site Isolation Protects against Spectre Vulnerabilities
Spectre & Meltdown Vulnerability breaks the isolation of applications. It is a code which is used by the hackers to steal your private and personal data from the processes running on other websites. This data may include your login details too. In other words, Spectre Vulnerability lets a process read and steal the data of any other processes.
Thankfully, Strict Isolation Feature of Chrome now protects against this perilous malware. While the feature is still no made enabled by default in Chrome, you can anyways do that manually by using the two methods mentioned above. Strict Site Isolation when enabled will let the websites run in isolation, and the processes will be limited to that website only. This will further protect you and your data against the Spectre Vulnerability.
While it is not that easy for the attackers to get access from the processes of websites running in other tabs, it is still always recommended to be careful and stay safe. It is always advised to keep all your devices updated with the latest available version of operating system and other software running on your machines.