Google: Chrome now protects you from Spectre password-stealing attacks

Joanna Estrada
July 13, 2018

Google noted that there are still issues specific to Chrome on Android, but did not reveal what those issues are. The risk Site Isolation addresses is that, when pages from different sites share a renderer process, a successful Spectre attack can read data (cookies, passwords and so on) belonging to other frames or pop-ups in that process.

This flaw matters more for browsers than for most applications because they run JavaScript from many websites, often in the same process, so a malicious site could use such an attack to steal information belonging to other sites loaded alongside it.

"Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: on the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes", said Google.

By giving each site its own renderer process, Chrome stops one site's code from directly reading another site's memory, because the two no longer share an address space, and it lets the operating system's process boundary serve as the barrier that Spectre-class attacks cannot cross. With Chrome 67, Site Isolation is enabled by default on desktop. The unit of separation is a site, meaning the URL scheme plus the registrable domain, rather than a full origin. Thus https://google.co.uk is a site, and subdomains like https://maps.google.co.uk stay in the same process, while a page from a different registrable domain gets a process of its own.
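The site granularity described above, as an added example that is not Chrome's own code: `siteForUrl` reduces a URL to scheme plus registrable domain using a tiny constructed excerpt of the Public Suffix List, and `assignRendererProcesses` shows which frames of a constructed sample page would share a renderer process under that rule. The suffix list, the sample URLs and the process-numbering scheme are assumptions for illustration; a real browser consults the full Public Suffix List.

```javascript
// Added example (not Chrome's code): a simplified model of the "site"
// granularity Site Isolation uses when deciding which documents may share
// a renderer process. A site is the URL scheme plus the registrable domain
// (eTLD+1); ports and subdomains do not distinguish sites.
//
// PUBLIC_SUFFIXES is a constructed excerpt standing in for the real
// Public Suffix List that Chrome consults for this decision.
const PUBLIC_SUFFIXES = new Set(['com', 'org', 'io', 'uk', 'co.uk', 'github.io']);

// Registrable domain: the longest known public suffix plus one more label.
// A hostname whose suffix is unknown treats its last label as the suffix,
// mirroring the Public Suffix List's "*" rule (so "localhost" stays whole).
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.');
  let suffixLen = 1;
  for (let n = labels.length; n >= 1; n--) {
    if (PUBLIC_SUFFIXES.has(labels.slice(-n).join('.'))) {
      suffixLen = n;
      break;
    }
  }
  return labels.slice(-(suffixLen + 1)).join('.');
}

function isIpLiteral(hostname) {
  return hostname.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
}

// Site = scheme + "://" + registrable domain. IP literals are kept whole,
// and hostless URLs (file:, about:) reduce to the scheme alone.
function siteForUrl(urlString) {
  const url = new URL(urlString);
  if (url.hostname === '') return url.protocol;
  const host = isIpLiteral(url.hostname) ? url.hostname : registrableDomain(url.hostname);
  return `${url.protocol}//${host}`;
}

function sameSite(a, b) {
  return siteForUrl(a) === siteForUrl(b);
}

// Toy process assignment: every distinct site gets its own renderer
// process, so a cross-site iframe lands in a different process than the
// page that embeds it (an "out-of-process iframe").
function assignRendererProcesses(frameUrls) {
  const processBySite = new Map();
  return frameUrls.map((url) => {
    const site = siteForUrl(url);
    if (!processBySite.has(site)) processBySite.set(site, processBySite.size);
    return { url, site, process: processBySite.get(site) };
  });
}

// Constructed sample: a bank page embedding a third-party ad frame, a
// same-site login frame, and two frames from the article's own example.
const SAMPLE_FRAMES = [
  'https://bank.example.com/account',
  'https://ads.other.co.uk/frame.html',
  'https://login.example.com/sso',
  'https://maps.google.co.uk/',
  'https://google.co.uk/',
];

const SAMPLE_ASSIGNMENT = assignRendererProcesses(SAMPLE_FRAMES);
for (const f of SAMPLE_ASSIGNMENT) {
  console.log(`process ${f.process}  site=${f.site}  url=${f.url}`);
}
```

Note that `https://a.example.com:8443` and `https://b.example.com` are the same site and would share a process, whereas `http://` and `https://` versions of the same host are different sites; the public-suffix lookup is also why two users' pages under a shared hosting suffix such as `github.io` are isolated from each other.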

Chrome has always had a multi-process architecture in which different tabs could use different renderer processes. However, it was still possible for an attacker's page to share a process with a victim's page. From there, a Spectre-style timing attack lets malicious code infer the contents of memory it was never meant to access, so it may be able to read any memory in its own process's address space, including the victim page's data.

It's worth noting that although Site Isolation can still be turned off, Google will probably remove the ability to disable it at some point, because Site Isolation is a lot more secure.

"This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using 'out-of-process iframes'", Google adds.

Site Isolation keeps each site's renderer process separate from the others, which improves security and mitigates Spectre-class vulnerabilities, including the recently disclosed Spectre 1.1 and 1.2 variants. Because of the extra processes, users who keep many tabs open might consider a tab manager extension. Alongside it, Cross-Origin Read Blocking (CORB) transparently blocks cross-site HTML, XML, and JSON responses from reaching the renderer process, with nearly no impact on compatibility.
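The CORB decision described above, as an added example that is not Chrome's implementation: `corbFilter` models the check made on a cross-site response before its body is handed to the renderer that requested it. The rule set, the request destinations it treats as navigations, and the content-sniffing heuristics are reduced assumptions for illustration (the real algorithm has more cases); the `crossSite` flag is taken as input because the site comparison is the one Site Isolation already makes. The sample cases at the bottom are constructed.

```javascript
// Added example (not Chrome's implementation): a reduced model of the
// decision Cross-Origin Read Blocking (CORB) makes for a cross-site
// response before its body reaches the requesting renderer process.
// The rules and sniffing heuristics below are simplifying assumptions.

// Content types CORB protects, plus their +xml / +json suffix forms.
const PROTECTED_BASE_TYPES = new Set(['text/html', 'text/xml', 'application/xml', 'application/json']);

// Navigations are excluded: Site Isolation already routes a cross-site
// document into the destination site's own process. Every other
// destination (script, image, style, font, fetch/XHR, ...) is a read that
// a cross-site page could never legitimately see without CORS.
const NAVIGATION_DESTINATIONS = new Set(['document', 'iframe', 'frame']);

function baseMimeType(contentType) {
  return (contentType || '').split(';')[0].trim().toLowerCase();
}

function isProtectedType(base) {
  return PROTECTED_BASE_TYPES.has(base) || base.endsWith('+xml') || base.endsWith('+json');
}

// Toy content sniffer (assumption): confirms the body really looks like the
// labelled type, so a mislabelled script or image is still delivered.
function bodyLooksLike(base, body) {
  const s = (body || '').trimStart();
  if (base === 'text/html') return s.startsWith('<');
  if (base.endsWith('xml')) return s.startsWith('<');
  if (base.endsWith('json')) return /^(\)\]\}'|\{|\[)/.test(s);
  return false;
}

// Returns { allow, reason, body }. When blocked, the renderer receives an
// empty body instead of the real one, so the bytes never enter its memory.
function corbFilter(response, request) {
  const base = baseMimeType(response.contentType);
  const pass = (reason) => ({ allow: true, reason, body: response.body });
  const block = (reason) => ({ allow: false, reason, body: '' });

  if (!request.crossSite) return pass('same-site');
  if (response.corsAllowed) return pass('cors-allowed');
  if (NAVIGATION_DESTINATIONS.has(request.destination)) return pass('navigation');
  if (!isProtectedType(base)) return pass('unprotected-type');
  if (response.nosniff === true) return block('protected-type-nosniff');
  if (bodyLooksLike(base, response.body)) return block('protected-type-confirmed-by-sniffing');
  return pass('mislabelled-not-sniffed');
}

// Constructed sample cases.
const SAMPLE_CASES = [
  { name: 'cross-site JSON pulled in via <script>',
    response: { contentType: 'application/json; charset=utf-8', body: '{"balance": 1200}' },
    request: { crossSite: true, destination: 'script' } },
  { name: 'cross-site HTML loaded as an image, nosniff set',
    response: { contentType: 'text/html', body: '<!doctype html><p>secret</p>', nosniff: true },
    request: { crossSite: true, destination: 'image' } },
  { name: 'same-site JSON via <script>',
    response: { contentType: 'application/json', body: '{"ok": true}' },
    request: { crossSite: false, destination: 'script' } },
  { name: 'cross-site PNG via <img>',
    response: { contentType: 'image/png', body: '\x89PNG' },
    request: { crossSite: true, destination: 'image' } },
  { name: 'cross-site JSON with CORS permission',
    response: { contentType: 'application/json', body: '{"public": 1}', corsAllowed: true },
    request: { crossSite: true, destination: '' } },
  { name: 'script mislabelled as text/html (compatibility case)',
    response: { contentType: 'text/html', body: 'function f() {}' },
    request: { crossSite: true, destination: 'script' } },
  { name: 'cross-site HTML navigation into an iframe',
    response: { contentType: 'text/html', body: '<html></html>' },
    request: { crossSite: true, destination: 'iframe' } },
];

const SAMPLE_RESULTS = SAMPLE_CASES.map((c) => ({ name: c.name, ...corbFilter(c.response, c.request) }));
for (const r of SAMPLE_RESULTS) {
  console.log(`${r.allow ? 'ALLOW' : 'BLOCK'}  ${r.reason.padEnd(38)} ${r.name}`);
}
```

Sending `X-Content-Type-Options: nosniff` with a correct `Content-Type` is what lets a server opt out of the sniffing step entirely, which is why that header is worth setting on any endpoint that returns sensitive HTML, XML or JSON.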

As most readers will know, Intel belatedly disclosed, and understated the severity of, two major processor vulnerabilities called Spectre and Meltdown in January.

Other reports by Click Lancashire
