Mitigating Spectre With Site Isolation in Chrome
Charlie Reis (via Justin Schuh):
Speculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers. A website could use such attacks to steal data or login information from other websites that are open in the browser. To better mitigate these attacks, we’re excited to announce that Chrome 67 has enabled a security feature called Site Isolation on Windows, Mac, Linux, and Chrome OS.
[…]
Site Isolation is a large change to Chrome’s architecture that limits each renderer process to documents from a single site. As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites. Note that Chrome uses a specific definition of "site" that includes just the scheme and registered domain. Thus, https://google.co.uk would be a site, and subdomains like https://maps.google.co.uk would stay in the same process.
[…]
This means that even if a Spectre attack were to occur in a malicious web page, data from other websites would generally not be loaded into the same process, and so there would be much less data available to the attacker.
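As an added illustration of the "site" definition quoted above (this is example code written for this post, not the Chrome team's code or anything from the Chromium tree), the snippet below computes the site key, scheme plus registered domain, that decides whether two URLs may share a renderer process, and groups a set of open tabs by that key. The public-suffix table is a hand-constructed subset; Chrome consults the full Public Suffix List, so suffixes like `co.uk` and `github.io` are handled the same way here only because they were added to the table. The function names are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List (publicsuffix.org). Real
# Chrome uses the full list; only these suffixes are known to this example.
PUBLIC_SUFFIXES = {"com", "org", "net", "uk", "co.uk", "github.io"}


def registered_domain(host):
    """Return the registrable domain (eTLD+1) for a hostname.

    Walks the label suffixes from longest to shortest so the longest
    public suffix wins (e.g. 'co.uk' over 'uk').
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    # No known suffix (e.g. 'localhost'): treat the whole host as registrable.
    return host


def site_for(url):
    """Chrome-style site key: scheme + registered domain, no port, no path."""
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("URL has no host: %r" % url)
    domain = registered_domain(parts.hostname)
    if domain is None:
        raise ValueError("host is a public suffix: %r" % parts.hostname)
    return "%s://%s" % (parts.scheme.lower(), domain)


def same_site(url_a, url_b):
    """True when Site Isolation would allow both documents in one process."""
    return site_for(url_a) == site_for(url_b)


def group_by_site(urls):
    """Map each site key to the URLs that would share a renderer process."""
    groups = {}
    for url in urls:
        groups.setdefault(site_for(url), []).append(url)
    return groups


if __name__ == "__main__":
    # Constructed sample of open tabs.
    tabs = [
        "https://google.co.uk/",
        "https://maps.google.co.uk/maps?q=london",
        "http://google.co.uk/",
        "https://alice.github.io/",
        "https://bob.github.io/",
        "https://example.com/login",
    ]
    for site, members in group_by_site(tabs).items():
        print(site, "->", members)
```

Note that `alice.github.io` and `bob.github.io` land in different processes because `github.io` is a public suffix, while `http://` and `https://` versions of the same domain are distinct sites because the scheme is part of the key.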
See also: Spectre Mitigations in Microsoft’s C/C++ Compiler (via Hacker News).
Previously: Intel CPU Design Flaw Necessitates Kernel Page Table Isolation, Firefox’s Facebook Container, Intelligent Tracking Prevention 2.0.