Published: Fri, July 13, 2018

Chrome now uses 10-13% more memory thanks to Spectre fixes


If you've noticed that Chrome on the desktop is using more RAM, you're not imagining it. Google has enabled a Site Isolation feature in Windows, Mac, Linux and Chrome OS to help mitigate against the Spectre vulnerability - and it's a bit memory-hungry.

The mitigation is an impressive engineering feat, designed to lessen the damage of attacks that exploit a new class of vulnerability that came to light in January.

"It was still possible for an attacker's page to share a process with a victim's page".

He noted that Chrome always had a multi-process architecture whereby different tabs could use different renderer processes, with a tab even switching processes in some cases when navigating to a different site, but such an architecture could still be exploited. By separating out the rendering processes by site, Chrome can prevent directly reading memory across processes, and utilize the built-in operating system protections against Spectre (which still isn't very clear).

With Site Isolation, a single page may now be split across multiple renderer processes, preventing bad sites from snooping on legit ones. Without it, a successful Spectre attack could read data (e.g., cookies, passwords, etc.) belonging to other frames or pop-ups in its process. As of yet, it remains disabled on Android, though it is expected to be enabled in the future.

Although this change won't affect how sites look or how developers need to code, the technology will require an additional 10 percent to 13 percent of RAM, because tabs that formerly shared some processes now have to run each process independently. "It also means all cross-site iframes are put into a different process than their parent frame, using 'out-of-process iframes'," Google adds. The downside, however, is Chrome will use even more RAM than it already does.
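As an added illustration (not Chromium's code) of why the process count, and with it memory, grows: the model below groups each tab's frames by site, the scheme plus registrable domain, using constructed sample URLs, and contrasts the old one-process-per-tab layout with the site-isolated one. The `TABS` sample, the hypothetical `news.example`/`attacker.test` hosts, and the two-label approximation of the registrable domain are assumptions of the example.

```python
"""Added illustration (not Chromium code) of the grouping rule behind Chrome's
Site Isolation: renderer processes are keyed by *site* (scheme + registrable
domain), so a cross-site iframe leaves its parent's process."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: two tabs, each as its top-level URL followed by the URLs
# of the iframes it embeds. Tab 1 embeds a frame from tab 0's site.
TABS = [
    ["https://news.example/home",
     "https://static.news.example/widget",
     "https://ads.thirdparty.test/banner"],
    ["https://attacker.test/",
     "https://news.example/embed",
     "https://ads.thirdparty.test/banner"],
]

def site_of(url):
    """Scheme plus eTLD+1. Simplification: the registrable domain is taken as
    the last two host labels instead of being looked up in the Public Suffix
    List, so a host such as 'foo.co.uk' would be grouped wrongly."""
    parts = urlsplit(url)
    labels = parts.hostname.lower().split(".")
    return f"{parts.scheme}://{'.'.join(labels[-2:])}"

def processes_without_isolation(tabs):
    """Pre-isolation model from the article: one renderer per tab, so every
    iframe shares a process (and address space) with its parent page."""
    return {f"tab{i}": list(frames) for i, frames in enumerate(tabs)}

def processes_with_isolation(tabs):
    """Site Isolation model: frames within a tab are grouped by site, so a
    cross-site iframe becomes an out-of-process iframe. Same-site frames in
    unrelated tabs are modelled as separate processes as well."""
    procs = defaultdict(list)
    for i, frames in enumerate(tabs):
        for url in frames:
            procs[f"tab{i}:{site_of(url)}"].append(url)
    return dict(procs)

def share_process(procs, url_a, url_b):
    """True if both URLs are rendered inside the same process under `procs`."""
    return any(url_a in f and url_b in f for f in procs.values())

if __name__ == "__main__":
    before, after = processes_without_isolation(TABS), processes_with_isolation(TABS)
    print(f"{len(before)} renderer processes before, {len(after)} after")
    a, b = TABS[1][0], TABS[1][1]  # attacker page and the embedded news frame
    print("shared process:", share_process(before, a, b), "->", share_process(after, a, b))
```

For the sample, two renderer processes become five, which is the cost the article's 10-13 percent figure reflects, while the embedded `news.example` frame no longer shares an address space with the page that embeds it.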

Site Isolation separates a site's render process from others, which improves security and provides mitigation against Spectre-class vulnerabilities like the recently discovered Spectre 1.1 and 1.2.

"Site Isolation is a significant change to Chrome's behavior under the hood, but it generally shouldn't cause visible changes", Google's Charlie Reis explains.

Tip: Firefox supports a similar feature called First-Party Isolation. Those tweaks make it harder for malicious code to successfully pluck sensitive data out of restricted memory. Unfortunately, there's nothing you can do to reduce that RAM usage, but Google noted that it was offsetting the memory hunger by ending some older Spectre mitigations that also ate up RAM but are no longer necessary.
