Chrome on Android is now better protected against Spectre-like hacks

GOOGLE HAS EXPANDED Chrome's Site Isolation feature to Android with the release of Chrome 77.

The anti-hack feature was first introduced by Google in May 2018 with Chrome 67 for desktop and is finally - a whole one year and five months later - rolling out to Android users.

Google started developing Site Isolation to, effectively, isolate different websites on Chrome, with the aim of adding an extra line of defence against Spectre- and Meltdown-like side-channel attacks and preventing malicious websites and attackers from stealing sensitive information, such as passwords and authentication cookies.

"Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site," Google explained at the time.

"When Site Isolation is enabled, each renderer process contains documents from at most one site. This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using out-of-process iframes."

According to Google, it has now enabled Site Isolation for 99 per cent of the Chrome Android userbase that owns a smartphone with a minimum of 2GB of RAM.

On these devices, Chrome 77 will spin off into its own process any site that a user visits and enters a password on. Users also have the option to enable the feature for all sites, although this would incur a higher RAM overhead.

"We wanted to ensure that Site Isolation does not adversely affect user experience in a resource-constrained environment like Android," Google said this week in a new blog post.

"This is why, unlike desktop platforms where we isolate all sites, Chrome on Android uses a slimmer form of Site Isolation, protecting fewer sites to keep overhead low," Google said. "More specifically, Site Isolation is turned on only for high-value sites where users log in with a password."

According to Google, the feature will also prevent access to more data types, including network data, stored data and permissions, and cross-origin messaging. µ