Chrome gobbles much more RAM due to Google's 'Site Isolation' protection for Spectre CPU flaws


But it's a worthwhile trade-off.


The critical Meltdown and Spectre bugs baked deep into modern computer processors will have ramifications for the entire industry for years to come, and Chrome just became collateral damage. Chrome 67 enabled “Site Isolation” Spectre protection for most users, and the browser now uses 10 to 13 percent more RAM due to how the fix behaves.

“Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs,” Google’s Charlie Reis says. “On the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure.”

It’s a significant performance hit, especially for a browser battling a reputation for being a memory hog, but a worthwhile one nonetheless. Spectre lets attackers access protected information in your PC’s kernel memory, potentially revealing sensitive details like passwords, cryptographic keys, personal photos, or anything else you’ve used on your computer. It’s bad.


Site Isolation guards against Spectre and has been available as an experimental option since Chrome 63, which was released around the time of the Meltdown and Spectre disclosures, but it’s now enabled by default for 99 percent of Chrome users on all platforms.

“Site Isolation is a large change to Chrome’s architecture that limits each renderer process to documents from a single site,” Reis says. “…This means that even if a Spectre attack were to occur in a malicious webpage, data from other websites would generally not be loaded into the same process, and so there would be much less data available to the attacker. This significantly reduces the threat posed by Spectre.”

Google promises further mitigations and memory optimizations in future Chrome updates.

The impact on you at home: Chrome’s Site Isolation is a welcome protection despite the painful RAM hit, but updating your browser is just a small part of safeguarding against Meltdown and Spectre. These complex flaws touch every aspect of your system—CPU firmware, the operating system, software, you name it.

Check out PCWorld’s guide to protecting your PC against Meltdown and Spectre for step-by-step instructions on how to stay as safe as possible, and be sure to keep your security software active to protect against potential attacks trying to leverage the CPU exploits. Our guide to the best antivirus for Windows PCs can help you find the best solution to fit your needs.
