The recent rise of Spectre vulnerabilities, which allow malicious code to hijack sensitive data, is being addressed in the latest version of Google Chrome. The latest post on the browser's security blog explains how Chrome mitigates the issue using its Site Isolation mechanism.
Site Isolation Will Protect Google Chrome From The Spectre Vulnerability
The rise of the Spectre vulnerabilities, which can hijack sensitive information using simple code, has raised serious concerns among hardware vendors and software developers, who are looking for ways to quickly resolve any possible abuse. The Google Chrome development team recently announced in a blog post that they are adding Site Isolation: the feature will be enabled in all versions from Chrome 67 onwards. Until now this feature was available as an optional function that users needed to enable manually.
The Spectre vulnerability is especially dangerous for web browsers, which routinely run JavaScript code, some of which may be malicious. Spectre allows malicious code to use side channels to potentially harvest data from other sites that run in the same process. This is exactly the mechanism that the inclusion of Site Isolation in Google Chrome prevents.
By itself the addition of this mechanism changes Google Chrome's underlying architecture by limiting how different sites are processed. By design the browser already used a multi-process model that assigned each tab to a separate renderer process, and tabs can even switch processes when navigating to a new site in certain situations. However, the Spectre proof-of-concept attacks do demonstrate a hypothetical attack model in which attackers construct malicious pages that reveal sensitive data.
An example is the use of cross-site iframes and pop-ups, which in many cases are handled in the same process. As a consequence a Spectre attack can reveal data in those frames, such as the following:
- Cookies.
- User Input.
- Passwords.
- Selected Values.
With Google Chrome's Site Isolation in place, each renderer process will handle documents from at most one site. An additional function called Cross-Origin Read Blocking (CORB) prevents any possible abuse: it transparently blocks cross-site responses of sensitive types (HTML, XML and JSON) without impacting compatibility.
Web developers will need to make sure that resources are served with the correct MIME types and the nosniff response header (X-Content-Type-Options: nosniff) to avoid issues. For further details see the developer page referenced in the blog post.
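As an added illustration (not code from the Chrome blog post or from the Chromium project), the following Python models the CORB rule the article describes: a simplified classifier that decides whether a cross-site HTML, XML or JSON response would be withheld, and an audit helper that flags the two developer mistakes mentioned above, a missing X-Content-Type-Options: nosniff header and a sensitive body served under the wrong MIME type. The body-sniffing heuristics are a rough stand-in for Chromium's real ones, and the sample responses are constructed.

```python
import json
import re

# MIME types the article lists as blocked cross-site; this simplified model
# also sniffs text/plain, because JSON is often mislabelled that way.
PROTECTED = {"text/html", "text/xml", "application/xml",
             "application/json", "text/json"}

def parse_headers(headers):
    """Return (media type without parameters, nosniff flag) from a header dict."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";", 1)[0].strip().lower()
    nosniff = hdrs.get("x-content-type-options", "").strip().lower() == "nosniff"
    return ctype, nosniff

def looks_protected(body):
    """Rough body sniff (approximation, not Chromium's): HTML, XML or JSON object/array?"""
    head = body.lstrip()[:512]
    if re.match(rb"<(\?xml|!doctype|html|head|body|script|iframe|div)\b", head, re.I):
        return True
    try:
        return isinstance(json.loads(body), (dict, list))
    except ValueError:          # not valid JSON, or not valid UTF-8 at all
        return False

def corb_decision(headers, body):
    """'block' if a cross-site reader would receive an empty body, else 'allow'."""
    ctype, nosniff = parse_headers(headers)
    if ctype in PROTECTED and nosniff:
        return "block"          # headers settle it; no sniffing needed
    if ctype in PROTECTED or ctype == "text/plain":
        return "block" if looks_protected(body) else "allow"
    return "allow"              # images, scripts, fonts etc. keep working

def audit(headers, body):
    """Findings a site owner should fix so CORB reliably protects the response."""
    ctype, nosniff = parse_headers(headers)
    findings = []
    if not nosniff:
        findings.append("missing X-Content-Type-Options: nosniff")
    if ctype not in PROTECTED and looks_protected(body):
        findings.append("sensitive-looking body served as " + (ctype or "(no type)"))
    return findings

SAMPLES = {  # constructed sample responses, not captured from any real site
    "json_ok": ({"Content-Type": "application/json", "X-Content-Type-Options": "nosniff"}, b'{"balance": 120}'),
    "json_as_octet": ({"Content-Type": "application/octet-stream"}, b'{"balance": 120}'),
}

def run_samples():
    return {n: (corb_decision(h, b), audit(h, b)) for n, (h, b) in SAMPLES.items()}
```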
The blog post states that the developers are also actively working on further features to secure the browser against all manner of possible Spectre attacks. Work is being done to port the Site Isolation mechanism to Chrome for Android. At the moment there are some known issues that hinder its implementation by default. Starting with version Chrome for Android users will be able to turn it on manually by setting the following flag:
chrome://flags/#enable-site-per-process