If Chrome for Android users visit a site where they enter passwords, Chrome will isolate that site from all the other tabs in a separate Android process, keeping the user’s data safe from Spectre-like attacks, Google said today.
Furthermore, Site Isolation, which has been available for desktop users since July 2018, has also been expanded for Windows, Mac, Linux, and Chrome OS users, which now receive protection against more attacks than the original Meltdown and Spectre vulnerabilities.
What is Site Isolation?
Site Isolation is a Chrome security feature that Google started developing as a way to isolate each website from one another, so malicious code running on one site/tab couldn’t steal data from other websites/tabs.
Site Isolation was developed to act as a second layer of protection on top of Same Origin Policy (SOP), a browser feature that prevents websites from accessing each other’s data.
Google developed Site Isolation because browser bugs often allowed sites to jump the SOP barrier and steal user data stored in the browser, created by other sites.
Site Isolation to roll out for some android users
The first of these is that Site Isolation is now available for some Android users. Google said earlier this week that it enabled Site Isolation for 99% of the Chrome Android user base that has a smartphone with 2GB or more of RAM.
On these devices, when users visit a site where they enter passwords, Chrome will spin that site into its own process, to protect the site and the user’s data from Spectre-like malicious code running on other sites.
Protection against more attacks
But while Site Isolation is taking its first steps on smartphones, the feature is expanding on desktops. According to Google, starting with Chrome 77 released last month, Site Isolation on desktops can protect users against more exploit types than the original support for side-channel attacks.