The latest version of Google's Chrome browser implements a mechanism designed to protect users from speculative execution side-channel attacks like Spectre, but there is a performance trade-off—it uses more system memory than before.
That is an unfortunate (if perhaps necessary) side effect for the benefit of added security. The feature is called "Site Isolation" and is turned on by default in Chrome 67, whereas before Chrome users had to edit Chrome's flags to enable it.
"Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites," Google explains.
Chrome was born with a multi-process architecture where different tabs could use different renderer processes. However, the Site Isolation feature narrows the scope, limiting each renderer process to documents from at most one site.
"This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using 'out-of-process iframes'," Google adds.
Google said it's been working on this for several years, independently of Spectre, so the inclusion of Site Isolation was inevitable. The side effect is a 10-13 percent increase in memory overhead in real workloads, due to the increased number of renderer processes that Chrome now has to run, according to Google.
That's a pretty big hit to system memory, especially for a browser that has been known to have memory leak issues. However, the argument is that it's better than potentially compromising sensitive information.
As of Chrome 67, Site Isolation is enabled for 99 percent of users on Windows, Mac, Linux, and Chrome OS. Google is holding back the remaining 1 percent to "monitor and improve performance."
