Google Quietly Enables 'Site Isolation' Feature for 99% of Chrome Desktop Users

Google has quietly enabled a security feature called Site Isolation for 99% of its desktop users on Windows, Mac, Linux, and Chrome OS. This happened in Chrome 67, released at the end of May. From a report: Site Isolation isn't a new feature per-se, being first added in Chrome 63, in December 2017. Back then, it was only available if users changed a Chrome flag and manually enabled it in each of their browsers. The feature is an architectural shift in Chrome's modus operandi because when Site Isolation is enabled, Chrome runs a different browser process for each Internet domain. Initially, Google described Site Isolation as an "additional security boundary between websites," and as a way to prevent malicious sites from messing with the code of legitimate sites.

10%

[phantomfive]

10% memory usage increase, according to the article. Defends against spectre and meltdown somewhat.

Re:10%

[Z00L00K]

But is the site isolation complete so that all cached info is now tied to the site you browse and third party cookies and cached data as well is living in total separation?

Re:10%

[phantomfive]

I was wondering that, too. Merely forking the code isn't enough, if your stored passwords get forked, too. I didn't wonder enough to read the source code, though.

Re:10%

Chrome is the worst memory pig I have ever seen. No other application on the face of the Earth is this out of control.

This latest "feature" just makes a do-not-want monster bigger.

Why not put all this supposedly desirable functionality into a "new private window"'s abilities? That way we can actually avoid it, and its many penalties, most of the time.

Chrome's new job, apparently, is to sell RAM chips.

Re:Registered /.ers review of the Win64 model

[DontBeAMoran]

We need this running on a Raspberry Pi Zero, so I can have an independant DNS server internally that all our devices can connect to it (Nintendo, Playstation, Xbox, PCs/Macs, smartphones, tablets, etc).

Chrome/Google is too powerful

People always complain about the "nanny state". But I see far more "nanny corporations". Including people violently defending their nannied passive-living state.
In both cases, it as bad and wrong. And it can only be done because a lever of power was given to egomaniacal pieces of shit.

I would say "Let's switch to Firefox", but they have been doing he same shit.

In fact, is seems globally fashionable. Apple, Microsoft, Canonical, Gnome, KDE, Google, Mozilla, they ALL do it. Like it's just "normal". When really, it should be criminal, and punished with prison, IMHO. (Sorry, it might sound extreme, but if you think about the harm of the long-term consequences, it is very much warranted, I think.)

I'm writing my own OS shell, where the user is the boss, full stop, and it will not stop you from cutting your own figurative head off. Just to get rid of ALL that shit.
I'm afraid in today's passive-thinking livestock culture, it might become very unpopular. But so be it. At least then I can tell who's still an individual.
But I digress ...

Re: Chrome/Google is too powerful

So, you are rewriting xfce, or fluxbox?

Anti-spectre defense

This is a bit of extra hardening against spectre-class side-channel spying, many of such side-channels are squashed by context switches from a process to another (threads do not do a complete context switch, since they share memory maps. full processes, do).

Huh.

[waspleg]

I was under the impression they were already doing that. I don't use Chrome, though, so I guess I didn't notice.

Is it just for the URL in the address bar?

[dwywit]

Or does it cover each and every third-party domain, e.g. all the advertising domains pinged by landing on a web page?

Those domains are just as dangerous, if not more so, than the domain shown in the address bar.

Re:Is it just for the URL in the address bar?

It’s every document, including iframes and pop ups. It was a pretty big change and a multi-year effort because it means every event that impacts an out-of-domain iframe has to be RPC’d across processes.

Re: Is it just for the URL in the address bar?

So when you visit a.com and b.com and both make you pull something from google.com it is ensured that all the stuff from google.com runs inside the same process?

Wow, that's great, and complex, but who would want that except google, Facebook, and similar?

Re: Is it just for the URL in the address bar?

I guess it's two processes for the two calls to Google, why should it be one?

Disabled by default?

[iamagloworm]

99% of users? I am on the latest chrome and it was disabled for me. Check at chrome://flags/#enable-site-per-process

Re:Disabled by default?

[Gavagai80]

Same for me, on Chrome 67. Perhaps it's only enabled for new installations for now?

Re:Disabled by default?

[onco_p53]

Yes off for me as well, thanks for the link to change the option.

Re:Disabled by default?

[Pepsiman]

The description of the flag says:
"When disabled, the site isolation mode will be determined by enterprise policy or field trial."

The flag is shown as disabled for me, but it's obvious from Chrome's task manager that site isolation is enabled.

Re:Disabled by default?

[arglebargle_xiv]

99% of users? I am on the latest chrome and it was disabled for me. Check at chrome://flags/#enable-site-per-process

I've tried this with my copy of Chrome and it reports: "Firefox error: The address isnâ(TM)t valid". I'm running Chrome version.... um, 61 "Quantum". Maybe that's the problem, I need to wait for Mozilla to release version 67?

Re:Disabled by default?

[Actually,+I+do+RTFA]

Same for me, on Chrome 67. Perhaps it's only enabled for new installations for now?

Given the number of users Slashdot has, and the sampling bias in reporting bugs, it seems far more likely you and the GP are just still part of the 1%.

Re:Disabled by default?

That's not how you check if it is enabled. From Howtogeek (https://www.howtogeek.com/fyi/google-chrome-will-start-using-10-more-ram-now-thanks-to-spectre/):
How to Check Whether Site Isolation is Enabled in Chrome

Assuming you have a ton of tabs open already, you can open up Google Chrome’s Task Manager (Under Menu -> More Tools) and look for processes that say “Subframe:” and show a URL that is clearly not something you’re browsing directly—for instance doubleclick.net or 2mdn.net, which are iframes for ads.

As long as you see the subframe processes, Site Isolation is enabled on your system.

How to Enable or Disable Site Isolation in Chrome (But You Shouldn’t Disable It)
To check whether this is enabled, or disable it should you choose (which we don’t recommend), you can head to chrome://flags#enable-site-per-process in your location bar, and then set the toggle for Strict Site Isolation to either Enabled or Disabled. You could also add a command line flag to start Chrome with –site-per-process, but that’s a lot of work.

You’d think the first option would control it, but even if site isolation is set to Disabled, the option below for “Site isolation trial opt-out” actually controls whether you’ve been opted into it. As of right now, Google has enabled Site isolation for almost everybody, so you’ll need to set the “trial opt-out” setting to “Opt-out” in order to turn this off. Which, again, you should not mess with.

It’s worth noting that even if you disable it, at some point Google will probably make this the default behavior and remove the ability to disable it, because site isolation is a lot more secure.

Re:Disabled by default?

Firefox and Chrome are not the same browser.

Quit trying to change Chrome flags in your Firefox browser and you might have better luck.

Re:Disabled by default?

[Gavagai80]

Well, it's nice to finally be part of the 1% even if it's the wrong 1%.

Re:Registered /.ers review of the Win64 model

[nullbort]

https://pi-hole.net/

Well great

[Niobe]

Now I don't need to turn it on manually.

Re: Registered /.ers review of the Win64 model

Never go full retard

So the approved ads

[AHuxley]

really know the user is looking and only approved ads get displayed.

Re:Registered /.ers review of the Win64 model

[f3rret]

The switched your meds again, eh?

Re:F3rret FAKE NAME fuck... apk

[f3rret]

Actually dude my legal name is f3rret.

Re: Isolate yourself from harmful ads/sites... apk

You've been told many times to stop spamming, yet you refuse to comply. Your hosts file program has nothing to do with Chrome's site isolation and you know it. The penalty for non-compliance will be more "God's gift" posts. If you don't like it, then stop spamming Slashdot about hosts files. Otherwise, I'll continue to fight fire with fire.

Re:Registered /.ers review of the Win64 model

[DontBeAMoran]

Thank you.

Is this just Specter, etc?

[Actually,+I+do+RTFA]

Since the pages can communicate to each other (and presumably access information on each other as allowed by the JS spec), is this just about protecting people from Specter, etc?

Re:Is this just Specter, etc?

[Specter]

Muhahaha! There is no protection from me!

You're a WEASEL then... apk

See subject weasel (which is all ferrets are, I used to shoot them in my uncle's chickencoop on his farm as a boy): You're a shitweasel & a liar too!

APK

P.S.=> Piece of crap you are (& you know it cocksucker)... apk

Re: You're a WEASEL then... apk

You failed to shoot the biggest weasel of all. Otherwise, you wouldn't be posting here.

Isolate yourself from harmful ads/sites... apk

On ANY PC browser via APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between characters & download).

Yields more security/speed/reliability/anonymity vs. any SINGLE solution (99% of threats = hostnames vs. IP address that most firewalls use) more efficiently/FASTER + NATIVELY 4 less.

(Vs. "Bolt on 'MoAr' illogic-logic" competitors slowing you, hosts speed you up 2 ways (adblocks + hardcodes u spend most time @) vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads (messagepass ('souled-out' to advertiser addons) + filtering drivers) & their complexity leads to exploitation).

* ONLY 1 of its kind in GUI on Linux!

Better vs. Windows model in speed/efficiency/merge.

APK

P.S.=> Best program of its kind bar-none & better vs. browser addons + other competitors (full of bugs, excess resource use, slowdown + complexity)... apk

Registered /.ers review of the Win64 model

Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016

his hosts program is actually pretty good by xenotransplant August 10 2015

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015

I like your host file system by Karmashock September 09 2015

that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015

I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

* Best part's Linux 64-bit model's faster/more efficient (2x work & 1/2 the time)!

APK

P.S.=> For a faster/safer/more reliable internet... apk

F3rret FAKE NAME fuck... apk

F3rret FAKE NAME fuck, I could be on every "med" there IS & be 10x the man a PIECE OF FUCKING SHIT you & "your kind" are motherfucker & you KNOW it!

* Your kind has NO BALLS - you're just like "ANTIFA" pussies, HIDING behind masks ACCOMPLISHING ZERO of WORTH w/ your WASTED loser lives...

APK

P.S.=> Truer words were NEVER SPOKEN on /. (or any other site that caters to SHITWEASELS like you, you little cocksucker)... apk

WoW! "BigShot JULZ" fake name, lol... apk

Now that I ran your FAKE NAME for your FAKE LIE of a SOCKPUPPETEER online wasted LIFE of a do-nothing "ne'er-do-well" no-mind ass DRY of downmodpoints you abuse you're spouting bullshit proving you're an idiot, dimwit.

* STFU, loser: "4 digit DO-NOTHING DOUCHE" = YOU (big honor (lol, not)).

HIDING BEHIND YOUR "ANTIFA MASKS" You're pieces of pussy SHIT just like them...

APK

P.S.=> Truer words were NEVER spoken on LOSERS like you douchenozzle (lol)... apk

Look @ the ANTIFA punk hiding

Look @ the ANTIFA punk hiding, lol - you're just a piece of shit do-nothing "ne'er-do-well" HIDING behind a mask of anonymous UNIDENTIFIABLY & nothing more - threaten me pussy? Tell you what:

* I don't OBEY or LAY DOWN to no good WASTES OF LIFE like you & "your kind"...

APK

P.S.=> You know you're just a piece of shit & everyone KNOWS it's not me posting those "god's gift" posts but rather YOU impersonating me - is THAT the "Best ya Got", loser? Apparently so... apk

Re: Look @ the ANTIFA punk hiding

Very few people want your spam posts on this site, yet you post them anyway. You have no respect for the people on this site. I see no reason why anyone here should show you any respect since you show us none at all. The "God's gift" posts will continue and will be posted when you post spam. Those posts clearly annoy you, or else you wouldn't angrily respond to them. Perhaps the negative reinforcement will eventually convince you to stop spamming.

Re: F3rret FAKE NAME fuck... apk

Wow, you really are butthurt.

I am God's gift to you rotten bastards... apk

See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between characters & download).

Yields more security/speed/reliability/anonymity vs. any SINGLE solution (99% of threats = hostnames vs. IP address that most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

(Vs. "Bolt on 'MoAr' illogic-logic" competitors slowing you, hosts speed you up 2 ways (adblocks + hardcodes u spend most time @) vs. competition loaded w/ bugs (DNS/AntiVir) + their overheads (messagepass ('souled-out' to advertiser addons) + filtering drivers) & their complexity leads to exploitation).

* ONLY 1 of its kind in GUI on Linux/BSD!

(Much better vs. Windows model in speed & efficiency + new "merge" feature)

APK

P.S.=> I use Firefox on Linux & it works like a DREAM w/ hosts. You rotten bastards can benefit from my greatness as God's gift to you... apk

You rotten bastards like & use my work... apk

Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016

his hosts program is actually pretty good by xenotransplant August 10 2015

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015

I like your host file system by Karmashock September 09 2015

that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015

I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

* Best part = Linux 64-bit model's faster/more efficient (2x work in 1/2 the time)

APK

P.S.=> For a faster/safer/more reliable internet. Even you rotten bastards can benefit from my greatness. God's gift to Slashdot will NEVER be silenced... apk

Re: F3rret FAKE NAME fuck... apk

It takes a real faggot to post what you just posted. At least a faggot like you isn't going to reproduce.

You FEAR me "shekel boy", lol... apk

You FEAR me "shekel boy", lol - otherwise you'd post using a REAL name identifying yourself (I do, but then I don't FEAR your Saul Alinsky ILLUSION & other BULLSHIT you use on others).

* Ah, yes - it's EXCELLENT eliciting not only your RESPONSES but seeing you CHOKED OFF on making your "GOLDEN CALF's" udders DRY UP (w/ your 'downmodpoints' you farm via SOCKPUPPETS to abuse vs. me which I EASILY OUTTHINK/OUTSMART you on lol - your DOLTISH brains are THAT easy to get the better of...)

METALLICA "Seek & DESTROY" https://www.youtube.com/watch?... (that's my tune to "your kind" & I'm executing it, lol - best part is I give folks what they want/need, you do the opposite, THUS I win (always)).

APK

P.S.=> Hahahahaha (yes, that's right - I'm LAUGHING @ your kind in the SYNAGOGUE OF SATAN behind it all - taking what you VALUE MOST - your STOLEN GOLD you're known & SHUNNED thru all history for in your thieving ways taught to you by your TRUE "God", Satan himself (& you know it scumbag))... apk

Re: You FEAR me "shekel boy", lol... apk

I'm not modding you down, dipshit. I'm posting parodies of you. They're the "God's gift" posts that you're butthurt about. They will continue to be posted until you stop posting spam and personal attacks.

Only way you'll reproduce?

Only way you'll reproduce is BUYING pussy - but pussy you can buy != worth having, lol (& you know it, but it's ALL "your kind" can manage, illusion & SELF-delusion).

You FEAR me "shekel boy", lol - otherwise you'd post using a REAL name identifying yourself (I do, but then I don't FEAR your Saul Alinsky ILLUSION & other BULLSHIT you use on others).

* Ah, yes - it's EXCELLENT eliciting not only your RESPONSES but seeing you CHOKED OFF on making your "GOLDEN CALF's" udders DRY UP (w/ your 'downmodpoints' you farm via SOCKPUPPETS to abuse vs. me which I EASILY OUTTHINK/OUTSMART you on lol - your DOLTISH brains are THAT easy to get the better of...)

METALLICA "Seek & DESTROY" https://www.youtube.com/watch?... (that's my tune to "your kind" & I'm executing it, lol - best part is I give folks what they want/need, you do the opposite, THUS I win (always)).

APK

P.S.=> Hahahahaha (yes, that's right - I'm LAUGHING @ your kind in the SYNAGOGUE OF SATAN behind it all - taking what you VALUE MOST - your STOLEN GOLD you're known & SHUNNED thru all history for in your thieving ways taught to you by your TRUE "God", Satan himself (& you know it scumbag))... apk

Ah, I can hear those shekels goin' away

You FEAR me "shekel boy", lol - otherwise you'd post using a REAL name identifying yourself (I do, but then I don't FEAR your Saul Alinsky ILLUSION & other BULLSHIT you use on others).

* Ah, yes - it's EXCELLENT eliciting not only your RESPONSES but seeing you CHOKED OFF on making your "GOLDEN CALF's" udders DRY UP (w/ your 'downmodpoints' you farm via SOCKPUPPETS to abuse vs. me which I EASILY OUTTHINK/OUTSMART you on lol - your DOLTISH brains are THAT easy to get the better of...)

METALLICA "Seek & DESTROY" https://www.youtube.com/watch?... (that's my tune to "your kind" & I'm executing it, lol - best part is I give folks what they want/need, you do the opposite, THUS I win (always))...

APK

P.S.=> Hahahahaha (yes, that's right - I'm LAUGHING @ your kind in the SYNAGOGUE OF SATAN behind it all - taking what you VALUE MOST - your STOLEN GOLD you're known & SHUNNED thru all history for in your thieving ways taught to you by your TRUE "God", Satan himself (& you know it scumbag))... apk

Ever see Dr. Strange?

It pleases me to KNOW you're MY SLAVE dancing to MY TUNE (using up your WASTED life's time doing so). Everyone KNOWS it's you, & when you do it I post your threat proving YOU are doing it https://yro.slashdot.org/comme...

See subject: YOU ARE MY PRISONER & I can keep this up forever, lol... "JudeMammu"!

(Again, EASILY NULLIFYING your "BITCH TACTICS" shekelboy as always... lol!)

* You're TOO STUPID to live...

APK

P.S.=> You're just heading into those ovens again, lol... apk

Re: Ever see Dr. Strange?

It's too bad your parents didn't burn in the Nazi ovens.

Aw, poor Juden shekelboy, lol... apk

See subject: Don't worry - the "Golden Calf" of your shekels dries up! I give folks what they want vs. your machinations, lol & THUS I always will win... & you KNOW it.

* Heck - you're PROVING IT via your EASILY NULLIFIED "Bitch Tactics 'efforts'" which I easily prove are you in seconds by posting your PUNY threats... lmao!

(You really ARE too STUPID to live... time to FIRE UP THE OVENS again & Zyklon B showers).

Ever see Dr, Strange? Keep it up, that's EXACTLY what I want "JudenMammu" - you're MY prisoner.

LASTLY Don't speak for "Everyone" JUDE - you're the HATED minority ALL THRU HISTORY only fooling YOURSELVES, lol - self deluded morons & thieves.

APK

P.S.=> Dance little Jude, dance - to MY TUNE as I see you lose all that STOLEN GOLD/SHEKELS, lol - slowly (oh, SO slowly, painfully, as your kind fell into your OWN trap of debt, lol)... apk

Re: Aw, poor Juden shekelboy, lol... apk

Time to repost this everywhere so that everyone knows what a racist piece of shit you are. Go hide under a white sheet and a pointy hat, motherfucker.

Bet yours did though... apk

See subject: Bet yours did... "amirite"? Bet I am. Of course, you'd LIE as your own beliefs say it's OK TO BE A LIAR & THIEF!

APK

P.S.=> You're an INSANE CULTURE repeating the SAME MISTAKES all thru history due to your DELUDED "chosen ones" LUNACY - repeating the same mistakes over & over again is indicative of insanity when you EXPECT DIFFERENT RESULTS (1,000's of years haven't shown you different yet you do it, lol - makes ME laugh (& so does everyone else))... apk

Seek & DESTROY - Metallica

Khazar Talmudic Jews believe this of all they call goyim/gentiles (any non-jew): Jews = biggest racists of all (for which they "jew guilt" you for no less! They're hypocrites known as thieves all thru history or were Argentines in the 1940 under Peron, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations nazi german's too? No. Driven into DESERTS ages ago! Don't wonder why after all those exilings above.

Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud.

This is the province of the synagogue of Satan (Pharisees whom Jesus Christ himself kicked to the curb out of the temple & they killed him for it. Jeremiah did the same to them also + the Essenes could not stand them either breaking away from the pharisee corruption):

Mark Zuckerberg stole the Winklevoss twins' code for Fakebook (figures as he is a thieving low jew too).

Maria Abramovic satanist spirit cooker pal of Hillary Clinton the Voodoo queen is a jew https://www.google.com/search?...

Like Hillary Clinton's mentor Saul Alinsky author of rules for radicals book dedicated to Lucifer

"Most Jews do not like to admit it, but our god is Lucifer Â- so I wasnÂ't lying Â- and we are his chosen people. Lucifer is very much aliveÂ" Harold Rosenthal http://www.thetruthseeker.co.u...

Jewish rabbi openly admits to satan worship use white children's blood they kill for passover bread, infiltrating and subverting the catholic church, creating the Jesuit order https://www.youtube.com/watch?... and https://www.youtube.com/watch?...

Barbara Spectre, a jew, tells everyone it's jews orchestrating the muslim migrant problem in Europe https://www.youtube.com/watch?v=MFE0qAiofMQ/ . No migrant raping of women in Poland. Tons in Sweden. Do the math. Use common-sense. This is to get muslims and other goyim/gentiles to wipe one another out as incompatible cultures that will clash and always have.

Rabbi A. Finkelstein ADMITS their greatest enemies are ARABS and WHITES (blacks too) whom they wish to kill one another in a 'theater of war' which they find AMUSING https://www.youtube.com/watch?...

Finkelstein also admits JEWS DID 9/11 (perpetrated by the Mossad & Bebe Netanyahu of ISRAEL) https://www.youtube.com/watch?... profiting by it (and that 3,000 jews employed there did not show up for work that day knowing about it beforehand).

Finkelstein also admits JEWS are going to destroy the U.S. Dollar and dumping it for other world currencies and gold to destroy the United States.

George Soros who funds groups to create division in the USA?? A jew. One who sold his own jew people into death for the nazis.

Zucker now FIRED @ CNN is another frying publicly for lying about "russians" and John Bonifield a producer @ CNN said it is bs. Van Jones did also.

Bernie Madoff (who made off with everyone's money, especially construction union pensions) shows the thieving nature of the JUDEN!

Eric Schmidt had to step down @ JEWgle (a jew).

Adam Schiff (gosh s

Re: Seek & DESTROY - Metallica

Is this on topic?
Can't remember what I was reading before this..

SHEKEL BOY "Bitch Tactics" AGAIN?

SHEKEL BOY "Bitch Tactics" AGAIN via IMPERSONATING me https://yro.slashdot.org/comme... ? LOL, ok how's THIS instead https://yro.slashdot.org/comme... ??

* About "SUMS YOU UP" (zero sum game shunned thru all time & WHY from your OWN doings & beliefs).

APK

P.S.=> TURN THE OVEN UP TO "FRY"... apk

Site/Tab isolation

[EdmundSS]

What I'd like to see is more extensive than that: If you log in to a website in tab A, then tab B has no access to that (especially cookies) unless tab B is created off tab A (e.g. Open in New Window), or explicitly authorised.