By now, you are bound to have heard about 'Spectre,' the ominously dubbed security flaw that affects nearly all modern CPUs. And rightfully so, since the vulnerability lets malicious applications and websites read memory they should never be able to reach. To cope with this issue specifically, browsers have developed various security mechanisms, and one such Chrome-specific implementation is Site Isolation.
First introduced in Chrome v63 as an optional security feature, Site Isolation has been on by default since version 67. It does not stop the CPU from speculating, which is what Spectre exploits; instead it makes sure that each renderer process only ever holds data from a single site, so whatever a speculative execution attack manages to read is limited to the attacker's own site.
But just like with anything good, it comes at a price, and in this case the price is performance, or more precisely memory. So, would disabling Site Isolation improve how Chrome functions? Is it worth the trade-off in security? Let's find out.
Spectre and Site Isolation
Just like any other browser, Google Chrome lets you open multiple websites in different tabs. Before Site Isolation, a page and every iframe it embedded, including iframes from other sites such as ads, were rendered in the same process, and Chrome would also start sharing renderer processes between tabs once it reached its limit on their number. That makes sense from a resource point of view, since duplicating work wastes memory. However, it is exactly the situation a Spectre attack needs, because Spectre reads memory within a process.
Modern microprocessors use speculative execution: rather than wait for a branch condition to resolve, the CPU guesses which way it will go and runs ahead, and if the guess turns out wrong the results are discarded. The trouble is that a discarded memory access still leaves a trace, because the cache line it touched stays in the CPU cache. Spectre tricks the CPU into speculatively reading data the attacker has no right to see and using it as an index into memory the attacker does control, so which cache line ends up loaded depends on the secret. The secret is never handed to the attacker directly; it is recovered by measuring how fast memory accesses are afterwards. Since all of this happens inside the attacker's own process, anything that shares that process with the attacker's code is exposed.
Suppose you've got a couple of tabs open, one with your bank account and the other with some random site, and that both end up in the same renderer process (before Site Isolation that happened whenever one site embedded the other in an iframe, and could also happen once Chrome started sharing renderer processes between tabs). The random site, provided it has malicious intent, can then use such an attack to read the bank page's memory, which may hold anything from login details to cryptographic keys.
It is tempting to dismiss this because the CPU cache is tiny compared to system memory, but the attack does not need the secret to sit in the cache, and the attacker never reads the cache directly. What the attacker reads is time: an access to an address that is already cached is measurably faster than one that has to go to memory. By making the speculatively touched address depend on the secret (for instance, by using the secret byte as an index into an array the attacker controls) and then timing every candidate address, the attacker learns which one was cached and therefore what the secret byte was.
Upon discovery of Spectre, browsers shipped various workarounds to blunt such attacks, most notably coarsening high-resolution timers such as performance.now() so that cached and uncached accesses become harder to tell apart; Chrome also disabled SharedArrayBuffer, which can be used to build a precise timer. These raise the bar but do not remove the underlying problem, hence the need for Site Isolation.
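To make the timing step concrete, here is an added example that is not code from the article and not a working exploit: it simulates a probe array of 256 slots, assumes constructed latencies of 40 ns for a cache hit and 300 ns for a miss, and shows how a secret byte is recovered from timing alone, and how a coarse timer breaks the single-shot inference.

```javascript
// Added example, not from the article and not a working Spectre exploit.
// Everything here is simulated: no real cache is touched and the latencies
// are assumed values, chosen only to be plausible for a hit and a miss.
const CACHE_HIT_NS = 40;    // assumed: access to a line already in cache
const CACHE_MISS_NS = 300;  // assumed: access that has to go to DRAM
const PROBE_SLOTS = 256;    // one slot per possible value of a byte

// Stand-in for the speculative read. In a real attack the CPU, running past a
// mispredicted branch, loads probe[secret * stride]; the result is thrown
// away, but that one probe slot is now cached. Here we just record the slot.
function speculativeTouch(secretByte) {
  return new Set([secretByte]);
}

// The attacker's clock: the time to access probe slot `i`, rounded down to
// the timer's resolution. A 1 ns resolution models an ideal timer.
function timeAccess(cachedSlots, i, resolutionNs) {
  const trueNs = cachedSlots.has(i) ? CACHE_HIT_NS : CACHE_MISS_NS;
  return Math.floor(trueNs / resolutionNs) * resolutionNs;
}

// Recover the byte: the single slot whose access is fastest. Returns null
// when the timer cannot separate the hit from the misses.
function recoverByte(cachedSlots, resolutionNs) {
  const timings = [];
  for (let i = 0; i < PROBE_SLOTS; i++) {
    timings.push(timeAccess(cachedSlots, i, resolutionNs));
  }
  const fastest = Math.min(...timings);
  const candidates = [];
  timings.forEach((t, i) => { if (t === fastest) candidates.push(i); });
  return candidates.length === 1 ? candidates[0] : null;
}

// Leak a whole string one byte at a time; null if any byte is ambiguous.
function leakString(secret, resolutionNs) {
  let out = '';
  for (const ch of secret) {
    const b = recoverByte(speculativeTouch(ch.charCodeAt(0)), resolutionNs);
    if (b === null) return null;
    out += String.fromCharCode(b);
  }
  return out;
}

// Constructed secret. 1 ns is an ideal timer; 5000 ns is the 5 microsecond
// granularity performance.now() had in Chrome before the Spectre mitigations.
console.log(leakString('hunter2', 1));     // hunter2
console.log(leakString('hunter2', 5000));  // null
```

The 5000 ns result is the instructive one: a single memory access cannot be timed at microsecond resolution at all, which is why real exploits repeat the access in a loop to amplify the difference, or run a tight counter in a worker thread over a SharedArrayBuffer as a makeshift high-resolution clock. That second trick is why Chrome switched SharedArrayBuffer off along with coarsening its timers, and it is also why timer coarsening alone was never considered sufficient.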
Site Isolation, as the name suggests, changes Chrome's process model so that each site (scheme plus registrable domain, so https://example.com and https://mail.example.com count as one site) gets its own renderer process. Cross-site iframes, which used to run inside the embedding page's process, are rendered out of process. Since a Spectre attack can only read memory in the process where the malicious code runs, keeping sites in separate processes means there is nothing from another site there to steal.
Returning to our previous example: with Site Isolation turned on, your bank account portal runs in a process of its own, and shares nothing with the other tab or with any third-party iframe it embeds. A speculative execution attack launched from the other tab can only read that tab's own process, so the bank's data is out of reach.
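The following is an added example, not Chrome's own code, that models the process assignment described above. It assumes a tiny stand-in for the public suffix list (Chrome consults the full list), a simplified pre-Site-Isolation model of one process per tab, and a constructed scenario of a bank tab and a news tab that both carry the same third-party ad iframe. The URLs are made up for the example.

```javascript
// Added example, not Chrome's code: a model of how Site Isolation decides
// which frames may share a renderer process. Chrome groups by "site", which
// is the scheme plus the registrable domain (eTLD+1), not by origin.

// Assumption: a tiny stand-in for the public suffix list. Chrome consults the
// full list; only these suffixes exist in this model.
const PUBLIC_SUFFIXES = new Set(['com', 'net', 'org', 'uk', 'co.uk', 'io', 'github.io']);

// Registrable domain: walk the host from the right and return the first
// suffix that is one label longer than a public suffix.
function registrableDomain(host) {
  const labels = host.toLowerCase().split('.');
  for (let i = labels.length - 1; i >= 0; i--) {
    const suffix = labels.slice(i).join('.');
    if (!PUBLIC_SUFFIXES.has(suffix)) return suffix;
  }
  return host.toLowerCase(); // the host is itself a public suffix
}

// The "site" of a URL: scheme plus registrable domain. Two origins with
// different subdomains or ports still map to the same site.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Assign every frame of every tab to a process.
// Without Site Isolation (simplified model of the old behaviour): one process
// per tab, holding that tab's page and all of its iframes, whatever their site.
// With Site Isolation (also simplified; the real policy also depends on process
// limits and frame type): one process per site, shared across tabs and frames.
function assignProcesses(tabs, siteIsolation) {
  const processes = new Map(); // process key -> frame URLs in that process
  tabs.forEach((frames, tabIndex) => {
    for (const url of frames) {
      const key = siteIsolation ? siteOf(url) : `tab-${tabIndex}`;
      if (!processes.has(key)) processes.set(key, []);
      processes.get(key).push(url);
    }
  });
  return processes;
}

// Could code running at urlA read the memory of urlB with a Spectre-style
// in-process attack? Only if both frames live in the same process.
function sharesProcess(tabs, siteIsolation, urlA, urlB) {
  for (const frames of assignProcesses(tabs, siteIsolation).values()) {
    if (frames.includes(urlA) && frames.includes(urlB)) return true;
  }
  return false;
}

// Constructed scenario: a bank tab and a news tab, both carrying the same
// third-party ad iframe; the news site also embeds its own video subdomain.
const BANK = 'https://www.example-bank.com/account';
const AD = 'https://ads.example-ads.net/frame';
const NEWS = 'https://news.example.org/';
const VIDEO = 'https://video.example.org/embed';
const TABS = [[BANK, AD], [NEWS, AD, VIDEO]];

for (const iso of [false, true]) {
  const procs = assignProcesses(TABS, iso);
  console.log(`site isolation ${iso ? 'on ' : 'off'}: ${procs.size} renderer processes;`,
    `ad frame shares a process with the bank page: ${sharesProcess(TABS, iso, AD, BANK)}`);
}
```

Two things the model makes visible. First, the ad iframe shares the bank page's process only when Site Isolation is off, which is the exposure the article describes. Second, Site Isolation separates sites, not origins: news.example.org and video.example.org still land in one process, so it does nothing against a Spectre-style read between subdomains of the same site.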
Increased Memory Overhead
So you might wonder what Site Isolation costs in performance, given the additional system memory used by each independent renderer process. According to the Google Online Security Blog, the feature adds about 10 to 13% to Chrome's total memory usage in real workloads, a price Google judged worth paying for the protection.
Let's check how accurate this figure is in practice. With Site Isolation disabled, the screenshot below shows a couple of websites that embed many of the same iframes. Only the two tabs appear as separate tasks, with no independent processes for any of the iframes.
Note: The screenshots are shown using Chrome's built-in Task Manager. To access it, open the Chrome menu, point to More Tools, and then click Task Manager.
The same two tabs, with Site Isolation enabled, are shown in the next screenshot. As you can see, there's a significant increase in the number of processes, since each cross-site iframe now runs outside its parent page's process. Further, some of the work that was previously done by one process is now split across two, which is exactly what makes a speculative execution attack across sites fail. If you do the math (disregarding the Browser and GPU Process tasks), both sites end up using around 33% more memory.
That is well above Google's figure. However, consider the 10 to 13% a long-term average: sites, and even individual pages, differ in how many processes and how much memory they need from one moment to the next, so the scenario above is more of an outlier.
Regardless, Site Isolation does result in a moderate, or in this case significant, increase in memory overhead.
Security vs. Performance
Disabling Site Isolation does reduce memory usage and may improve performance on low-end devices. However, Chrome already manages memory pressure by discarding background tabs when memory runs low, and since usage varies drastically from site to site there is no definitive answer. On devices with plenty of system memory, the difference in performance should be negligible.
But here's the catch. Because Site Isolation is now in place, Chrome is dropping some of its earlier Spectre countermeasures over time; SharedArrayBuffer, for example, has already been re-enabled on desktop on the strength of it. Disabling Site Isolation therefore leaves you more exposed than Chrome was even before the feature existed.
Weighing the two up, the risk posed by Spectre, combined with the ever-increasing amount of personal data handled in the browser, makes turning off Site Isolation a bad idea. Only if you are browsing on a low-end machine and use no personal data whatsoever should you even consider disabling this vital security feature.
Disabling Site Isolation
Disabling Site Isolation removes a significant safeguard. However, should you want to go ahead and disable the feature, below are the specific steps to do that.
Warning: With Site Isolation disabled, refrain from using personal browsing data on any website. The same goes for storing sensitive information in Chrome, such as passwords.
Step 1: On a new tab, type chrome://flags, and then press Enter to access the Chrome experimental flags.
Step 2: Type Site Isolation into the search bar, and then press Enter.
Step 3: You should see two Chrome flags labeled Strict Site Isolation and Site Isolation Trial Opt Out.
Set the Strict Site Isolation flag to Disabled. Some devices already have this set to Disabled by default; if that's the case, leave it alone.
Set the Site Isolation Trial Opt Out flag to Opt-Out (Not Recommended).
Step 4: Click Relaunch Now to apply the changes.
Step 5: Site Isolation is now disabled. To verify, type chrome://process-internals into a new tab, and then press Enter.
Site Isolation Mode should read Disabled to confirm the change. To enable Site Isolation again later, go back and set the flags to their previous values, and restart Chrome. If you only want a quick before-and-after comparison, launching Chrome with the --disable-site-isolation-trials command-line switch does the same for that one session without touching the flags.
No, It’s Not Worth the Risk
Disabling a critical Chrome security feature such as Site Isolation to reduce memory usage isn't warranted, especially considering how differently each site uses memory. Marginal performance gains are not worth the potential exposure of your personal information. If you are struggling with performance, consider an alternative browser such as Firefox Quantum, which has a lower memory footprint than Chrome, before doing anything rash. Bear in mind, though, that Firefox did not offer a comparable per-site process model until its Fission project years later, so you would be trading memory for a different security posture rather than getting both.