Strengthening isolation between sites in Chrome

Google has announced a strengthening of Chrome's site isolation mode, which renders pages from different sites in separate isolated processes. Site isolation protects the user from attacks carried out through third-party blocks embedded in a site, such as iframes, and blocks data leakage through the embedding of legitimate blocks (for example, ones that send requests to banking services and may carry the authenticated user's data) on malicious sites.

Because renderers are separated by site, each process holds data from only one site, which makes attacks aimed at cross-site data capture much harder. On desktop versions of Chrome, per-site (rather than per-tab) separation of renderers has been in place since Chrome 67. In Chrome 77 a similar mode was activated for Android.

To reduce overhead, site isolation on Android is enabled only for sites where the user has logged in with a password. Chrome remembers this and enables protection for all subsequent visits to that site. Protection is also applied immediately to a predefined list of sites popular among mobile users. The selective activation and added optimizations have kept the extra memory consumption from the larger number of running processes to an average of 3-5%, compared to the 10-13% observed when isolation is enabled for all sites.

The new isolation mode has been activated for 99% of Chrome 77 users on Android devices with at least 2 GB of RAM (for 1% of users it is left disabled for performance monitoring). Site isolation can be enabled or disabled manually via the "chrome://flags/#enable-site-per-process" setting.

In the desktop edition of Chrome, site isolation has now been strengthened to counter attacks aimed at fully compromising the content handler (renderer) process. The enhanced mode protects site data from two additional classes of threat: leaks through side-channel attacks such as Spectre, and leaks following a complete compromise of the renderer process through exploitation of vulnerabilities that give control of the process but are not sufficient to escape the sandbox. Similar protection will be added to Chrome for Android later.

The method works as follows: the control (browser) process remembers which site each worker process has been given access to and refuses requests for other sites, even if an attacker gains control over the worker process and tries to reach another site's resources. The restrictions cover authentication-related resources (saved passwords and cookies), data loaded directly over the network (HTML, XML, JSON, PDF and other file types are filtered and bound to the current site), data in internal storage (localStorage), permissions (granted to a site for access to the microphone, etc.), and messages sent via the postMessage and BroadcastChannel APIs. All such resources are tagged with their source site, and the control process checks that tag before allowing a worker process to retrieve them.
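The following is an added toy model of that control-process check; it is not Chrome code. Each worker process is locked to the site it first commits, every guarded resource carries the site it belongs to, and the decision is made only from the lock the control process recorded, never from what the (possibly compromised) worker claims. The site derivation is a simplification (scheme plus the last two host labels, where a real browser consults the Public Suffix List), and all names are assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


def site_of(url: str) -> str:
    """Scheme plus registrable domain. Simplification: the registrable
    domain is taken to be the last two labels of the hostname."""
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    return f"{parts.scheme}://{'.'.join(labels[-2:])}"


# Resource classes the text lists as tagged to their source site and
# checked in the control process before being handed to a worker process.
GUARDED = {"password", "cookie", "localStorage", "permission",
           "postMessage", "BroadcastChannel", "html", "xml", "json", "pdf"}


@dataclass(frozen=True)
class Resource:
    kind: str      # one of GUARDED
    origin: str    # URL the data belongs to (its tag)


class SiteLockPolicy:
    """Runs in the control process; workers cannot alter its state."""

    def __init__(self):
        self.locks = {}   # pid -> site the worker process is locked to

    def commit(self, pid: int, url: str) -> None:
        """Record the site a worker navigated to. A locked process may not
        later host a different site; that navigation gets a new process."""
        site = site_of(url)
        if self.locks.setdefault(pid, site) != site:
            raise ValueError(f"pid {pid} is locked to {self.locks[pid]}, not {site}")

    def may_access(self, pid: int, res: Resource) -> bool:
        """Allow only if the resource's tag matches the recorded lock."""
        if res.kind not in GUARDED:
            raise ValueError(f"unmodelled resource class {res.kind!r}")
        lock = self.locks.get(pid)   # an unlocked pid is denied everything
        return lock is not None and lock == site_of(res.origin)


if __name__ == "__main__":
    policy = SiteLockPolicy()
    policy.commit(1, "https://www.bank.example/account")   # constructed sites
    policy.commit(2, "https://evil.example/")
    balance = Resource("json", "https://api.bank.example/balance")
    print(policy.may_access(1, balance))   # True: same site as the lock
    print(policy.may_access(2, balance))   # False: pid 2 is locked elsewhere
```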

Among other Chrome news, support for the Scroll To Text feature has started to be enabled. It makes it possible to form links to individual words or phrases without explicitly marking up the document with "a name" tags or the "id" attribute. The syntax of such links is intended for approval as a web standard, which is still at the draft stage. The jump mask (essentially, a text search with scrolling is performed) is separated from the regular anchor by the ":~:" sign. For example, opening the link "https://opennet.ru/51702/#:~:text=Chrome" scrolls the page to the first mention of the word "Chrome" and highlights it. The feature has been added to the Canary branch, but launching with the "--enable-blink-features=TextFragmentIdentifiers" flag is required to enable it.

Another interesting upcoming change in Chrome is the ability to freeze inactive tabs: tabs that have been in the background for more than 5 minutes and are not performing meaningful activity are automatically unloaded from memory. Whether a particular tab is suitable for freezing is decided by heuristics. The change has been added to the Canary branch, on which the Chrome 79 release will be based, and is enabled via the "chrome://flags/#proactive-tab-freeze" flag.

Source: opennet.ru