Slashdot Mirror


Chrome is Using 10-13% More RAM to Fight Spectre (pcworld.com)

An anonymous reader quotes PCWorld: The critical Meltdown and Spectre bugs baked deep into modern computer processors will have ramifications on the entire industry for years to come, and Chrome just became collateral damage. Google 67 enabled "Site Isolation" Spectre protection for most users, and the browser now uses 10 to 13 percent more RAM due to how the fix behaves.

"Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs," Google's Charlie Reis says. "On the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure." It's a significant performance hit, especially for a browser battling a reputation for being a memory hog, but a worthwhile one nonetheless.

Chrome's Spectre-blocking site isolation "is now enabled by default for 99 percent of Chrome users on all platforms."

16 of 148 comments

  1. When will the next gen CPU by AHuxley · · Score: 4, Interesting

    design fix all this?
    No more slow CPU, no more extra RAM used, no more OS software to protect from CPU security flaws. Back to fast and secure CPU design work.

    Anyone have a design time line for when this will all be fixed in the CPU again?

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:When will the next gen CPU by hcs_$reboot · · Score: 4, Insightful

      Well, there is still competition as who will have their fixed CPUs first..

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:When will the next gen CPU by Anonymous Coward · · Score: 5, Insightful

      I don't expect CPU fixes to come until 3-5 years have passed. This requires a major redesign, it's not just a little fix.

    3. Re:When will the next gen CPU by arglebargle_xiv · · Score: 5, Insightful

      No more slow CPU, no more extra RAM used, no more OS software to protect from CPU security flaws.

      Pick any two. Which do you want?

    4. Re:When will the next gen CPU by AmiMoJo · · Score: 2

      Just buy an AMD CPU. The massive performance killing fixes are not required for them.

      Unfortunately it doesn't look like Chrome detects Intel CPUs before enabling this.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:When will the next gen CPU by Megol · · Score: 2

      Yes they are required.

      Spectre is a collection of related exploits some of which are very hard to use on AMD architectures but not impossible in theory. Meltdown isn't however a problem for AMD but this Chrome design isn't intended to combat Meltdown.

  2. Stupid over-reaction by GerryGilmore · · Score: 5, Interesting

    Supposedly, the biggest vulnerabilities are from cloud providers due to their extensive use of virtualization in their environs.
    However, I've never seen a real server that surfs the web using any browser. Stupidity is rampant, paranoia rules and perspective has completely left the building when it comes to Spectre/Meltdown.
    The most difficult "vulnerability" to leverage known to mankind has everyone scurrying like mad while basic security - allowing the Equifax breach, say - gets a passing nod. Well done, guys!

    1. Re:Stupid over-reaction by mccalli · · Score: 4, Informative

      Corporate VDI. A lot of the larger corporates are moving away from physical desktops towards having virtual desktops and thin clients.

    2. Re:Stupid over-reaction by tepples · · Score: 2

      A lot of the larger corporates are moving away from physical desktops towards having virtual desktops and thin clients.

      How much are these corporates spending on Terminal Server client access licenses (CALs) to allow virtual Windows desktops to work? Or are they instead using virtual FreeBSD or GNU/Linux desktops?

  3. Re: 10-13% more RAM? by hcs_$reboot · · Score: 2

    Except if Chrome takes already 90%

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  4. Re:10-13% more RAM? by Anubis+IV · · Score: 5, Insightful

    Who cares if you're running 32+ GB of RAM. Sucks if you're stuck on that modern new Macbook that caps out at 16 GB...

    A) That’s like responding to a car analogy with “who cares if you own a private jet”? Suggesting that people should have 32GB of RAM to run a browser is preposterous.

    B) The new MacBook Pros are configurable up to 32GB of RAM...

  5. Re:10-13% more RAM? by antdude · · Score: 4, Insightful

    Or using old computers like mine with 2 GB & 6 GB of RAM. :(

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  6. Re:Maybe I'm just stupid ... by hcs_$reboot · · Score: 2

    Google developers are among the best in the world. A browser is a very complex program, and some algorithms might gain time-complexity by allowing more space-complexity. This is probably what happens here, Chrome is still performant, but in order to keep the same speed it had to sacrifice some 10-13% memory more.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  7. Re:10-13% more RAM? by Joce640k · · Score: 2

    Which Universe do you live in? If I start Chrome with no tabs open I get 7 processes.

    One of those processes is using 1.5Gb and has 38 threads.

    That's without opening any web pages, just an empty tab. No, I don't have any extensions installed. None.

    --
    No sig today...
  8. Separate processes == good by TeknoHog · · Score: 4, Insightful

    Browsers should be using different processes for different websites anyway, as a general security measure, and I believe they have been aiming to do that already. Since Spectre only allows reading memory within the same process, I don't understand the panic here (though I guess it's different for virtual machines).

    We've already had countless issues where developers didn't sanitize their inputs, so a malicious piece of data could do something nasty; crucially, we didn't need Spectre for that. Meltdown is a wholly different beast, but I guess Intel needs to keep up the Spectre panic for AMD.

    --
    Escher was the first MC and Giger invented the HR department.
  9. Re:Spectre bugs baked into modern computer process by Megol · · Score: 2

    Spectre is there for all processors with more than the most trivial support for speculative execution. Yes that includes all modern computer processors.

    Meltdown is limited to Intel, some IBM designs and some ARM designs.