BF-SIRT Newsletter 2018-27

Chrome Now Features Site Isolation to Defend Against Spectre

A new feature called site isolation is being tapped to protect Chrome users against Spectre.

Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants.

The new security feature, called site isolation, essentially isolates different browser work processes between various browser tabs. That means one tab’s webpage rendering and functions won’t interfere with what is happening in another. It has now been pushed out to most users of Chrome 67, released in May, for platforms Windows, Mac, Linux and ChromeOS, said Google.

“Speculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers,” said Google software engineer Charlie Reis in a Wednesday post. “A website could use such attacks to steal data or login information from other websites that are open in the browser.”

Site Isolation is nothing new. It’s been optionally available as an experimental enterprise policy since Chrome 63 for customers. But, said Reis, many known issues have been resolved since then, making it practical to enable by default for all desktop Chrome users.

On Tuesday, more Spectre variants were disclosed –  dubbed Spectre1.1 and a subset, Spectre1.2, collectively referred to as Variant 4 of Spectre by Intel and ARM.

Top 5 Security links

Default router password leads to spilled military secrets
The next generation of WI-FI security will save you from yourself
Update Flash (and Adobe Acrobat) NOW!
Thermanator attack steals passwords by reading thermal residue on keyboardss
Stolen D-Link certificate used to digitally sign spying malware