As new variants of the dreaded Spectre CPU vulnerability have come to light, developers are making moves to patch and protect against the attacks. The core updates from Intel include a patch to thwart the now-fourth Spectre variant, but users who enable the fix have been warned that CPU performance could drop to the tune of 8%.
While I do recommend updating to the latest firmware if possible (the performance loss is more than negligible but the alternative is the cost of your security. No question in my mind), major browser developers are taking their own steps to protect users against the infamous security flaw.
Google has announced this week that the recently upgraded “Site Isolation” feature for Chrome will now be activated by default for 99% of its users across Windows, Mac, Linux, and Chrome OS.
Introduced in Chrome 63, Site Isolation was being rolled out gradually as its focus was geared more towards the Enterprise sector that often demands a higher level of security than the average consumer. Until now, the feature was disabled by default as the “sandboxing” environment it creates for each new page rendered requires more resources from your device.
Now, thanks in part to the growing fear of security flaws such as Spectre and Meltdown, the Chromium developers have decided to take a preemptive strike by turning on the Site Isolation feature. This is great news for the average user who may be in the dark on how to best protect themselves online.
However, no good deed goes unpunished.
The positives that result from Site Isolation, in my opinion, greatly outweigh the negatives, but Google has been very forthright that this feature can greatly impact RAM usage in the Chrome browser.
“Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: on the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure.”
Google Security Blog
Historically, Chrome has been branded a resource hog. As much as I’d like to sit and argue that there’s quite a bit of sensationalism surrounding those claims, that’s a discussion for another day. Instead, I’ll just leave an article here for you to peruse at your leisure. It gives some good real-world stats on Chrome’s actual memory consumption compared to another well-known browser.
With that being said, we use Chrome almost exclusively around the office. We write, edit, develop websites, consume media and create graphics (with Web Apps), and we do it completely in Chrome. On the very rare occasion my browser hiccups, it’s usually because I’m pushing my device to its limits. I’m fairly confident that moderate to even heavy users should still see little performance loss from Chrome’s Site Isolation feature.
For now, it appears that you will still be able to enable/disable Site Isolation in chrome://flags if you genuinely don’t want it turned on, but please be aware of the risk, albeit small, that you are taking.
To learn more about Site Isolation and Chrome’s Spectre mitigation process, head over to the Google Security Blog.