
Chrome has a new way to keep Spectre hackers at bay

08:45 13 July 2018. Source: cnet.com


By adding new compartmentalization technology, Google's Chrome browser has taken a step to keep websites from stealing sensitive data.

Since Google first released it publicly in 2008, Chrome has divided work among multiple computing processes. That approach helps keep one tab's work from interfering with what's happening in another. Google has been testing a stricter variation of this sort of partitioning to protect against Spectre, a new type of attack that Google and other researchers revealed in January.

Google released the new security feature, called site isolation, to a limited number of Chrome users starting with the Chrome 67 release in May. Now it's "enabled for 99 percent of users on Windows, Mac, Linux and Chrome OS," Chrome team member Charlie Reis said in a blog post on Wednesday.


The move shows just how complicated Spectre and the related Meltdown attacks are to thwart. Tech companies that make processors, operating systems and browsers all scrambled to block attackers from using the vulnerabilities to snatch sensitive data like passwords or encryption keys. The problem is severe enough to have risen to the US Congress, where senators griped on Wednesday that they hadn't heard about Spectre sooner.

[Image: Chrome's site isolation technology partitions some computing processes to make it harder for attackers using Spectre to snoop for sensitive data. © Provided by CBS Interactive Inc.]

Uses more memory

Google's site isolation feature is a major change to Chrome. It affects a core part of the browser called the renderer, which turns website programming code into actual pixels on your phone or laptop screen. With site isolation, Chrome splits renderers into separate computing processes more often to wall off data better.


Unfortunately, that means Chrome needs more memory. The increase is about 10 to 13 percent for people with lots of tabs open, Google said in a project document. The good news, though, is that site isolation lets Google relax earlier restrictions on monitoring precise timing of browser actions it had adopted to make Spectre attacks harder.

"Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure," Reis said in the blog post. And it's also working to bring site isolation to Chrome for Android, he said.

Site isolation, a ten-year project

Reis has been working on the site isolation technology for a decade, starting with his Ph.D. research, and the Chrome team began work on it about six years ago, Chrome security leader Justin Schuh tweeted.

Eric Lawrence, a former Chrome security team member who now works on Microsoft's rival Edge browser, called the move "an extremely impressive achievement."


"Google invested many engineer-years in a feature that initially seemed hopelessly out of whack from cost/benefit POV [point of view]," he tweeted. Then when Spectre arrived, site isolation suddenly became "an essential defense against a class of attack."
