Ignore the overhead, enjoy Site Isolation – a defense against side-channel attacks
Last year, Google deployed Site Isolation in desktop versions of its Chrome browser as a defense against CPU side-channel attacks like Spectre. The technique renders websites in separate processes to prevent one from interfering with or snooping on another, augmenting browser sandboxing defenses.
On Thursday this week, the Chocolate Factory said it has activated the security mechanism in the Android version of Chrome 77, which debuted last month. The ad biz also extended Site Isolation defenses to protect against fully compromised renderer processes and universal cross-site scripting bugs on desktop versions of Chrome.
The Site Isolation in Android comes with some qualifications because the technique imposes memory overhead of about 3 to 5 per cent. So mobile devices must have at least 2GB ..