Google Chrome prevents sites from launching Spectre-like attacks

If you're using Chrome, you now have fewer reasons to worry about Spectre-style security threats. Google has revealed that Chrome 67 for desktop and the matching Chrome OS release enable a previously experimental Site Isolation feature that reduces the chances of intruders using speculative execution side-channel attacks like Spectre. The technique limits the web renderer process to content from a single site, preventing an a ttacker's page from sharing malicious code through an innocent page (say, though cross-site pop-ups or remotely stored scripts). In theory, sinister types can't swipe passwords or other sensitive data while you're visiting otherwise innocuous sites.

The feature "generally" shouldn't break legitimate site behavior. It will, however, put extra strain on your system. Google believes there's a 10 to 13 percent memory overhead compared to earlier versions since it'll need to run processes for each site.

The company promises "additional security checks" in the future, including safeguards when an attack has already been compromised. Mobile users will have protections, too, with Chrome 68 for Android will adding an experimental Site Isolation flag. These initiatives don't guarantee that you'll be immune to Spectre and its kind, but they should cut off some of the more obvious avenues for stealing your info.

Source: Google Security Blog



via Engadget RSS Feed https://ift.tt/2Jieki0
RSS Feed

If New feed item from http://www.engadget.com/rss-full.xml, then send me

IFTTT

Comments

Popular posts from this blog

Evernote cuts staff as user growth stalls

The best air conditioner

We won't see a 'universal' vape oil cartridge anytime soon