The Google Chrome browser includes a security feature called Strict Site Isolation, which hardens the browser and can provide protection against some vulnerabilities. The feature is enabled in Google Chrome. According to Google, “When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites.”
Browsers today are built on a multi-process architecture, which uses memory protection and access control for speed and security. Once the browser is running, each browser tab is allocated a separate process so that a crash in one web page doesn’t damage other unrelated tabs running in parallel. In other words, it protects the integrity of the whole web browser. Giving each tab its own process protects the user from malfunctions in any single tab.
Modern browsers add a further layer of security to limit the damage that attackers can cause. They use two kinds of process, the browser process and the renderer process. The browser process manages the UI and the tabs of the browser, while each renderer process is specific to a tab. The renderer processes use open-source rendering engines for interpreting and laying out HTML. The renderer and browser processes communicate via the Chromium IPC system to maintain the global state.
The Strict Site Isolation feature runs each website in its own isolated process and ensures that the process is limited to that website, improving stability and security. Sometimes, because of security flaws, malicious websites can reach other data inside the browser, which may grant hackers access to your login credentials. Strict Site Isolation is additional protection against such bugs. With this feature enabled, each website runs in a sandbox, and its processes are limited to that website alone.
This means attackers won’t be able to interact with or steal content from your accounts on other websites. Also, crashing one tab won’t take the entire window with it. Site Isolation protects your browser against ransomware and other malware and mitigates Spectre processor security vulnerabilities.
The Strict Site Isolation feature was aimed at enterprises but can be used by anyone to add a new layer of security in the Chrome browser. While this feature helps harden security, it also increases memory usage by approximately 10–20%. So if your computer is already low on RAM, you might not want to try this feature.
Enable or Disable Strict Site Isolation in Chrome
There are two ways to enable or disable Strict Site Isolation in Chrome.
- Chrome flags
- Using the Target method with shortcuts
Any user can set this up, and there is no need for an admin account.
Enable Strict Site Isolation via Chrome flags
- Open Chrome.
- Type chrome://flags in the address bar and hit the Enter key.
- Press Ctrl+F and look for Strict Site Isolation.
- Click Enable to turn the feature ON.
- As you click Enable, a Relaunch Now button will appear.
Relaunch Chrome to make the changes take effect. The browser will relaunch with all your tabs open.
Enable Strict Site Isolation by changing the Target
Right-click the Chrome icon and select Properties.
Under the Shortcut tab, in the ‘Target’ field, paste --site-per-process (two plain hyphens) after the closing quotation mark, separated from it by a space.
So the target should now appear as:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --site-per-process
Now use this shortcut or icon to launch Chrome browser.
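The shortcut change described above can also be scripted and then checked against the running browser. This PowerShell is an added example, not part of the original article; the function names and the desktop shortcut path in the usage lines are assumptions.

```powershell
# Added example. Appends --site-per-process to an existing Chrome shortcut
# and confirms that the running browser process actually received the flag.
$Flag = '--site-per-process'

function Add-SiteIsolationFlag {
    param([Parameter(Mandatory)][string]$ShortcutPath)
    if (-not (Test-Path -LiteralPath $ShortcutPath)) {
        throw "Shortcut not found: $ShortcutPath"
    }
    $shell = New-Object -ComObject WScript.Shell
    # CreateShortcut opens the existing .lnk when the file is already there.
    $lnk = $shell.CreateShortcut($ShortcutPath)
    if ($lnk.TargetPath -notmatch '\\chrome\.exe$') {
        throw "Not a Chrome shortcut: target is '$($lnk.TargetPath)'"
    }
    # A .lnk stores the executable and its arguments separately; the
    # Properties dialog shows the two joined together as 'Target'.
    if (($lnk.Arguments -split '\s+') -notcontains $Flag) {
        $lnk.Arguments = ("$($lnk.Arguments) $Flag").Trim()
        $lnk.Save()
    }
    # Return the effective command line, as the 'Target' field would show it.
    '"{0}" {1}' -f $lnk.TargetPath, $lnk.Arguments
}

function Test-SiteIsolationFlag {
    # Renderer, GPU and utility children carry a --type= switch; the browser
    # process is the chrome.exe whose command line has none.
    $browsers = Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" |
        Where-Object { $_.CommandLine -and $_.CommandLine -notmatch '--type=' }
    if (-not $browsers) {
        Write-Warning 'Chrome is not running; launch it from the shortcut first.'
        return
    }
    $browsers | ForEach-Object {
        [pscustomobject]@{
            ProcessId     = $_.ProcessId
            SiteIsolation = ($_.CommandLine -split '\s+') -contains $Flag
        }
    }
}

# Usage (shortcut location is an assumption; adjust to your own shortcut).
Add-SiteIsolationFlag -ShortcutPath "$env:USERPROFILE\Desktop\Google Chrome.lnk"
Test-SiteIsolationFlag
```

If Chrome was already running when the shortcut was used, the new window joins the existing browser process and the flag is not applied, which is why the check reads the live command line. Close every Chrome window, relaunch from the shortcut, and run the check again.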
Strict Site Isolation Protects against Spectre Vulnerabilities
The Spectre and Meltdown vulnerabilities break the isolation between applications. Hackers use code that exploits them to steal your private and personal data from the processes running on other websites. This data may include your login details too. In other words, the Spectre vulnerability lets a process read and steal the data of any other process.
Thankfully, the Strict Site Isolation feature of Chrome now protects against this perilous threat. While the feature is still not enabled by default in Chrome, you can enable it manually using either of the two methods mentioned above. Strict Site Isolation, when enabled, lets websites run in isolation, with each process limited to a single website. This further protects you and your data against the Spectre vulnerability.
While it is not that easy for attackers to access the processes of websites running in other tabs, it is still recommended to be careful and stay safe. It is always advised to keep all your devices updated with the latest available version of the operating system and other software running on your machines.
Why does Chrome say your connection is not private?
Your browser cannot verify the safety of a website when it shows the “your connection is not private” error. The browser issues this warning message to prevent you from visiting the site because visiting an unsafe or insecure site may put your personal information at risk.
Should I choose a private or public network?
If you are in a public place such as a café or railway station, then it’s best to choose Public Network. However, you can choose Private if you are in a relative’s or friend’s house. So it all depends on where you are and how much trust you can put in the Wi-Fi network.