Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory (arstechnica.com)

Posted by BeauHD on from the new-and-improved dept.

An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]

Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.

6 of 63 comments (clear)

  1. Re:Dunno, more memory? by erapert · · Score: 4, Insightful

    64 bit only gives you 2x 32 bit

    Incorrect. I'll take your nerd badge now. Security will see you out and we will mail your things to you next week. Don't let the door hit you in the ass on your way out.

  2. Memory by ArchieBunker · · Score: 2, Insightful

    Memory is there to be used. I'm not talking about bloat or inefficiency either. Why not take advantage of system resources?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Memory by dremon · · Score: 4, Insightful

      Memory is there to be used ... Why not take advantage of system resources?

      This appears to be the greatest motivational slogan for most of the modern software developers.

    2. Re:Memory by thegarbz · · Score: 1, Insightful

      Memory is not there to "be used" it is there to speed up the system. Using memory inefficiently defeats that purpose. That's not to say security isn't a valid purpose, it most certainly is. Just be careful with the blanket statements.

  3. Ahh, web browsers... by phozz+bare · · Score: 4, Insightful

    The web browser: the glorified terminal emulator of the 21st century. Where every kilobyte of input takes a megabyte of RAM. Or fifty. How can it be considered remotely plausible that maintaining the state of 15 tabs (mostly text, some images, no video) requires 5 GB? Surely it must be one of the great mysteries of modern computing.

  4. Should one trust nonfree SW w/ said access? by jbn-o · · Score: 3, Insightful

    The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone.

    In this description one is clearly supposed to trust a nonfree program (Google Chrome) to vet other software's access to the file system, clipboard, webcam, and microphone. But one has no good reason to call Chrome trustworthy. Users have no idea what the Chrome code is doing when it runs because that program is nonfree software. No matter how capable the user is, no matter how willing they are to research and fix problems, Chrome users are not allowed to help themselves by reading the complete Chrome source code, modifying said source code, or help others in the community by distributing Chrome code (whether modified or not). The only users allowed to do these things are the people one ought not trust because they're the proprietor. As a side issue that proprietor happens to be a spy organization. So one should wonder if administrators can block Google Chrome's access to these things too or perhaps that is best addressed by not running Google Chrome in the first place.

    --
    Digital Citizen