Chrome’s Spectre security fixes make it use more RAM

By Koh Wanzi - on 16 Jul 2018, 11:24am

Google says that its fixes for the Spectre CPU vulnerabilities cause its popular Chrome browser to use more memory. In a blog post, the company identified the new Site Isolation feature in the latest Chrome 67 release as the cause of the increased memory usage. Site Isolation is intended to protect against Spectre attacks, which exploit the speculative execution features of CPUs.

According to Google, Chrome 67 could consume up to 13 per cent more system memory, an unfortunate side effect for a browser whose biggest weakness is still its high memory consumption. This exacerbates an ongoing problem for Chrome’s users, especially for those running older systems that have less memory.

This will apply across platforms and affect Windows, Mac, Linux, and Chrome OS systems. Chrome OS could feel the brunt of this change, as machines running it typically ship with just 4GB to 8GB of RAM.

According to Chrome software engineer Charlie Reis:

Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites.

While Chrome has always had a multi-process architecture that lets different tabs use different renderer processes, it was still possible for an attacker's page to share a process with a victim's page. Google's Reis cited the example of cross-site iframes and cross-site pop-ups staying in the same process as the page that created them, which would allow a successful Spectre attack to read data like cookies and passwords belonging to other frames or pop-ups in the process. 

But with Site Isolation, each renderer process can only contain documents from one site:

This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using "out-of-process iframes."

In other words, if a Spectre attack occurs on a malicious web site, data from other pages will generally not be loaded into the same process, so attackers will have access to much less data. 

The increased memory usage is a direct result of this, because it causes Chrome to create more renderer processes. However, each renderer process is smaller, shorter-lived, and has less contention internally.
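The process assignment described above can be sketched for a single tab. This is an added illustration, not code from Google's post or from Chrome. The function names, the sample URLs and the short suffix set are assumptions, and a site is taken to be the scheme plus the registrable domain.

```javascript
// Added illustration, not Chrome source. All URLs are constructed samples.
// Simplification: this short set stands in for the full Public Suffix List.
const SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// A site is the scheme plus the registrable domain (public suffix + one label).
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  // Scanning left to right finds the longest matching suffix first.
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return `${protocol}//${labels.slice(Math.max(i - 1, 0)).join(".")}`;
    }
  }
  return `${protocol}//${hostname}`; // unknown suffix: treat the host as the site
}

// One tab's documents, flattened; the first entry is the top-level page.
const TAB_FRAMES = [
  "https://news.example.com/article",
  "https://static.example.com/comments", // same-site iframe
  "https://ads.example.org/banner",      // cross-site iframe (the hostile one)
  "https://login.example.net/sso",       // cross-site iframe with user data
];

// Returns Map(process key -> URLs hosted in that renderer process).
function assignProcesses(frames, siteIsolation) {
  const procs = new Map();
  for (const url of frames) {
    // Before: cross-site iframes stay in the process of the page that created them.
    // After: each document goes to a process dedicated to its own site.
    const key = siteIsolation ? siteOf(url) : siteOf(frames[0]);
    if (!procs.has(key)) procs.set(key, []);
    procs.get(key).push(url);
  }
  return procs;
}

// Other sites whose documents share a renderer process with attackerUrl.
function coResidentSites(frames, attackerUrl, siteIsolation) {
  const own = siteOf(attackerUrl);
  for (const urls of assignProcesses(frames, siteIsolation).values()) {
    if (!urls.includes(attackerUrl)) continue;
    return [...new Set(urls.map(siteOf))].filter((site) => site !== own);
  }
  return [];
}
```

With Site Isolation off, the sample tab uses one renderer process and the hostile frame shares it with two other sites; with it on, the tab uses three processes and the frame shares with none.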

An Android version is also said to be coming soon, but it's still being held back due to unspecified "resource consumption issues".

Source: Google
