The recent rise of Spectre vulnerabilities that allows malicious code to hijack sensitive data is being addressed in the latest version Google Chrome. The latest security blog from the browser’s blog gives insight on Chrome’s ability to mitigate the issue by using the site isolation mechanism.
Site Isolation Will Protect Google Chrome From The Spectre Vulnerability
The rise of the Spectre vulnerabilities with their capability of hijacking sensitive information using simple code has raised serious concerns among hardware vendors and software developers to find ways quickly to resolve any possible abuse. The Google Chrome development team recently announced in a blog post that they are adding Site Isolation — the feature will be enabled in all versions since Chrome 67. To this date this feature was available as an optional function that the users needed to enable manually.
By itself the addition of this mechanism changes Google Chrome’s underlying architecture into limiting the way different sites are processed. By design the browser featured a multi-process operation which defined each tab to a separate rendered process. The different tabs can even switch processes when navigating to a new site in certain situations. However the Spectre vulnerability proof-of-concept attacks do show a hypothetical attack model. It allows hackers to construct malicious pages revealing sensitive data.
An example would be the use of cross-site iframes and pop-ups which in many cases are processed in the same (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/google-chrome-mitigates-spectre-vulnerability-via-site-isolation/