In Chrome 77, Android users will now have the benefit of site isolation, a security feature developed by Google for its market-leading browser. According to Mountain View, the tool provides the best possible defense against attacks like the infamous Spectre CPU flaw.
Google has enabled site isolation by default since Chrome 67 on desktop platforms: Mac, Windows, Linux, and Chrome OS. It is now coming to Android, giving those users protection against web-based attacks that are deployed through side channels.
Chief among site isolation's abilities is that it can protect Chrome against websites that aim to deliver CPU-level attacks. These types of malicious campaigns take advantage of the fact that browsers share the same processes across websites.
Google explains how the feature works in a Chromium commit:
“Site Isolation offers a second line of defense to make such attacks less likely to succeed. It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do.
“It also makes it possible to block the process from receiving certain types of sensitive data from other sites. As a result, a malicious website will find it much more difficult to steal data from other sites, even if it can break some of the rules in its own process.”
Google faced some issues moving site isolation to Chrome on Android because it is resource-intensive. Indeed, on desktop the tool uses 10% to 13% more memory when it is in use.
Of course, smartphones have less memory than desktops, so Google says it developed a “lite” version to reduce resource problems. The company says the feature is currently restricted to “high-value” sites that require users to log in.