Chrome RAM usage up more than 10 percent with new Spectre fix

By Shawn Knight
Jul 12, 2018
  1. Google recently enabled a new security feature as part of Chrome 67 that aims to mitigate speculative execution side-channel attacks like Spectre. It’s good news for security but as we’ve seen with other fixes, it’ll cost you in terms of system resources.

    As you may recall, such attacks use the speculative execution features of most processors to access sections of memory that should be off-limits to a piece of code. From there, timing attacks can be used to uncover the values stored in that memory, meaning malicious code may be able to read any memory in its process’s address space.

    According to Google engineer Charlie Reis, a website could use an attack like this to steal information from other websites which violates the Same Origin Policy.

    All major browsers have already deployed some form of mitigations for Spectre but as Reis points out, Google believes the most effective mitigation is offered by approaches like Site Isolation.

    With Site Isolation, enabled by default for 99 percent of desktop Chrome users (Windows, Mac, Linux and Chrome OS) running the latest version of Google’s web browser, each renderer process contains documents from one site at most. As a result, Reis notes, Chrome can rely on the operating system to prevent attacks between processes and between sites.

    Chrome has always had a multi-process architecture where different tabs could use different renderer processes. A given tab could even switch processes when navigating to a new site in some cases. However, it was still possible for an attacker's page to share a process with a victim's page. For example, cross-site iframes and cross-site pop-ups typically stayed in the same process as the page that created them. This would allow a successful Spectre attack to read data (e.g., cookies, passwords, etc.) belonging to other frames or pop-ups in its process.

    When enabled, all navigations to cross-site documents cause a tab to switch processes, and all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.”

    Site Isolation is a significant change to how Chrome works under the hood. Although each renderer process is smaller, shorter-lived and has less internal contention, the feature creates a larger number of processes, which results in a 10-13 percent total memory overhead in real-world workloads.

    Reis said it generally shouldn’t cause visible changes for most users or web browsers outside of a few known issues but still, that’s a significant performance penalty, especially on a machine that may already be light in terms of RAM.

    Google is working to optimize the security feature to keep Chrome both fast and secure and plans to add experimental enterprise policies for enabling Site Isolation in Chrome 68 for Android.
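As an added illustration (not code from the article or from Google), the Python snippet below shows one way to check the renderer-count and memory effect described above on a Linux desktop: it parses `ps -eo rss,args` output, groups Chrome processes by their `--type=` flag, and compares two snapshots. The `ps` lines embedded here are constructed sample data, not real measurements.

```python
import re
from collections import defaultdict

# Chrome child processes carry a --type= flag (renderer, gpu-process, ...);
# the browser process itself has none.
TYPE_RE = re.compile(r"--type=([\w-]+)")


def summarize(ps_output: str) -> dict:
    """Return {process_type: {'count': n, 'rss_kb': total}} for Chrome rows
    of `ps -eo rss,args` output (RSS in KiB, then the command line)."""
    totals = defaultdict(lambda: {"count": 0, "rss_kb": 0})
    for line in ps_output.splitlines()[1:]:  # skip the ps header row
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        rss_kb, args = int(parts[0]), parts[1]
        if "chrome" not in args.split()[0].lower():  # non-Chrome process
            continue
        m = TYPE_RE.search(args)
        ptype = m.group(1) if m else "browser"
        totals[ptype]["count"] += 1
        totals[ptype]["rss_kb"] += rss_kb
    return dict(totals)


def total_rss_kb(summary: dict) -> int:
    return sum(v["rss_kb"] for v in summary.values())


def overhead_percent(before: dict, after: dict) -> float:
    """Percentage growth of total Chrome RSS between two snapshots."""
    b, a = total_rss_kb(before), total_rss_kb(after)
    return (a - b) / b * 100.0


# Constructed snapshots: two renderers before, one per site after.
BEFORE = """\
  RSS COMMAND
200000 /opt/google/chrome/chrome
260000 /opt/google/chrome/chrome --type=renderer --lang=en-US
250000 /opt/google/chrome/chrome --type=renderer --lang=en-US
 90000 /opt/google/chrome/chrome --type=gpu-process
  1200 /usr/bin/bash
"""
AFTER = """\
  RSS COMMAND
200000 /opt/google/chrome/chrome
160000 /opt/google/chrome/chrome --type=renderer --lang=en-US
150000 /opt/google/chrome/chrome --type=renderer --lang=en-US
140000 /opt/google/chrome/chrome --type=renderer --lang=en-US
140000 /opt/google/chrome/chrome --type=renderer --lang=en-US
 90000 /opt/google/chrome/chrome --type=gpu-process
  1200 /usr/bin/bash
"""
```

Run `ps -eo rss,args` before and after toggling the feature and feed both captures to `summarize` to compare against the 10-13 percent figure quoted above.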

  2. ForgottenLegion

    ForgottenLegion TS Maniac Posts: 246   +240

    And yet Microsoft still insists on keeping a 4GB Surface base SKU. Kill it off already.
    onestepforward and Reehahs like this.
  3. Vulcanproject

    Vulcanproject TS Guru Posts: 428   +464

    Chrome already uses vast amounts of RAM as it is. Maybe it's time for a major overhaul like Firefox has had, mostly for the better.
    onestepforward likes this.
  4. FliGuyRyan

    FliGuyRyan TS Rookie Posts: 23   +12

    I've been considering a switch back to Firefox. This might be the straw that breaks the camel's back for me.
    onestepforward likes this.
