Hi Content Embedders!
As you may have seen recently on chromium-dev or on the Google Security Blog, we've recently turned on Site Isolation in Chrome 67 for desktop platforms. This is an important part of our Spectre mitigations, and it tries to minimize the amount of data worth stealing in renderer processes that might attempt Spectre attacks. The main tradeoff is that it requires more renderer processes (e.g., for out-of-process iframes) and cross-process navigations, leading to about 10-13% total memory overhead in Chrome's measured workloads in practice.
I mention this here for two reasons:
1) You might consider testing and deploying Site Isolation (specifically, SitePerProcess) in your own Chromium-based browsers, to help protect your users from Spectre.
2) As discussed here and in https://crbug.com/856734, we're likely going to make Site Isolation the default mode in Content sometime around M70. This change will ensure that our testing infrastructure covers the mode we ship in Chrome, and we think this should be the general default moving forward. That said, many platforms will still disable it, including Chrome for Android, Chromecast, etc.
Note: We fully intend to preserve the ability of Content Embedders to turn off Site Isolation for the foreseeable future. However, this means you will need to take action in your own browsers to disable it if desired, when the time comes. We haven't made the change yet, but we'll post to this thread with specifics of how to disable it once it happens.
Please let us know if you have questions or concerns about this change, or about the implications of enabling Site Isolation in your own browsers if you choose to do so.
Thanks!
Charlie Reis and the Site Isolation team