Technology news, analysis and review

How to Enable Strict Site Isolation in Chrome

25

Google Chrome

One way to increase security in the Google Chrome web browser is to enable strict site isolation, which causes each page renderer process to contain pages from only a single site at a time, effectively placing them in a per-site sandbox.

Theoretically this could help to mitigate against certain security risks, like those posed by Meltdown and Spectre threats, but it should not be considered a replacement for simply keeping the Chrome web browser up to date with latest versions which often include various security patches.

Strict site isolation is considered a “highly experimental” security mode, and while it’s easy to turn on in Google Chrome it is not without some potential drawbacks, mostly related to resource usage.

How to Enable Site Isolation in Google Chrome

You can enable Strict Site Isolation in Google Chrome for Mac OS, Windows, Linux, Chrome OS, and Android. Here’s how:

  1. Open the Google Chrome browser if you have not done so already
  2. In the URL address bar, enter the following:
  3. chrome://flags/#enable-site-per-process

  4. Find “Strict site isolation” and click on the “Enable” button to the right
  5. Enable Strict Site Isolation in Chrome

  6. Click the “Relaunch Now” button in the bottom corner to quit and re-open Chrome for the change to take effect
  7. Relaunch Chrome

Once Chrome relaunches the Site Isolation feature will be enabled, and each unique website should be placed into its own Chrome process sandbox.

The explanation of Strict Site Isolation offered in the Chrome settings is as follows:
“Highly experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out of process frames will be used whenever an iframe is cross site”

However, a much more detailed explanation of Site Isolation is outlined on the Chromium site as follows:

Site Isolation is an experimental security feature in Chrome that offers additional protection against some types of security bugs.  It makes it harder for untrusted websites to access or steal information from your accounts on other websites.

Websites typically cannot access each other’s data inside the browser, thanks to code that enforces the Same Origin Policy.  Occasionally, security bugs are found in this code and malicious websites may try to bypass these rules to attack other websites.  The Chrome team aims to fix such bugs as quickly as possible.

Site Isolation offers a second line of defense to make such attacks less likely to succeed.  It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do.  It also blocks the process from receiving certain types of sensitive documents from other sites.  As a result, a malicious website will find it more difficult to steal data from other sites, even if it can break some of the rules in its own process.

What’s the drawback with enabling Site Isolation in Chrome?

Perhaps the most notable drawback is that enabling this feature can lead to increased memory and resource usage by Chrome, particularly if you use and maintain a lot of tabs and windows opened concurrently.

Because it’s experimental, there could be some other issues with the feature, but in testing with several dozen unique tabs open, the most notable difference is simply an increase in memory usage of various Chrome Helper tasks.

Chrome acknowledges that certain developer tools won’t function as expected as well, but that should impact fewer casual users.

If interested, you can read more about Site Isolation in Chrome by reviewing this Chromium page on the topic, and you can find many other Chrome tips here if you’re interested in some other interesting features and capabilities of the cross-platform web browser.

Whether you enable Site Isolation in Chrome or not, for optimal security don’t forget to regularly update your web browser software when updates become available.

Let’s block ads! (Why?)

OS X Daily

Leave A Reply