Chrome's method of protecting against Spectre uses more RAM
Google's Chrome browser is better equipped to protect against side-channel attacks, but it comes at a cost.
The latest version of Google's Chrome browser implements a mechanism designed to protect users from speculative execution side-channel attacks like Spectre, but there is a performance trade-off—it uses more system memory than before.
That is an unfortunate (if perhaps necessary) side effect for the benefit of added security. The feature is called "Site Isolation" and is turned on by default in Chrome 67, whereas before Chrome users had to edit Chrome's flags to enable it.
"Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites," Google explains.
Chrome was born with a multi-process architecture where different tabs could use different renderer processes. However, the Site Isolation feature narrows the scope, limiting each renderer process to documents from at most one site.
"This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using 'out-of-process iframes'," Google adds.
Google said it's been working on this for several years, independently of Spectre, so the inclusion of Site Isolation was inevitable. The side effect is a 10-13 percent increase in memory overhead in real workloads, due to the increased number of renderer processes that Chrome now has to run, according to Google.
That's a pretty big hit to system memory, especially for a browser that has been known to have memory leak issues. However, the argument is that it's better than potentially compromising sensitive information.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
As of Chrome 67, Site Isolation is enabled for 99 percent of users on Windows, Mac, Linux, and Chrome OS. Google is holding back the remaining 1 percent to "monitor and improve performance."
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).