Google’s Spectre Fix Increases Chrome RAM Usage by 10 Percent

Google’s Spectre Fix Increases Chrome RAM Usage by 10 Percent

Most vulnerabilities in modern computer systems are patched without any noticeable impact for end users. That’s not necessarily the case with Meltdown and Spectre, which strike at the very heart of microprocessors functionality. A new round of Spectre flaws have appeared, but Google is in the process of adding functionality to desktop Chrome that will block remote execution of Spectre. The downside, however, is Chrome will use even more RAM than it already does.

Spectre targets a feature of microprocessors called speculative execution, which performs calculations that may be needed ahead of time. This increases overall system performance dramatically, but it also opens the door to attacks that can read data in memory that is supposed to remain private. Rolling out patches for both Spectre and Meltdown has been a complicated process, some of which can impact system performance.

Google v67 build of Chrome contains a feature called Site Isolation to combat Spectre attacks. This feature has been available in Chrome since v63, but it was behind a developer flag. Now, it’s on by default for everyone. Site Isolation makes Spectre attacks less dangerous by using a separate renderer for each domain. Chrome has always had a multi-process architecture separated by tabs, but a single tab could render content from multiple domains by way of cross-site iframes or clever JavaScript. That setup could theoretically allow a Spectre exploit to read data belonging to other domains on the page, like your passwords or browser cookies.

Google’s Spectre Fix Increases Chrome RAM Usage by 10 Percent

Enforcing Site Isolation comes with a drawback, though. Using a separate renderer for every domain means more active renderers, and thus, more memory usage. Chrome is already notorious for high RAM usage, but it could be 10-13 percent higher with Site Isolation enabled. This feature already rolled out in the beta and dev channels, so some of you have experienced the effects.

While this feature has rolled out widely, Google says about 1 percent of desktop Chrome users still won’t have Site Isolation right away. Google is holding that group back so it can test the effects and make sure the change is working correctly. They’ll get Site Isolation later if everything goes as planned. The Android version of Chrome has Site Isolation later because of the different OS concerns. It will be an option in v68, though. The iOS version of Chrome runs on Apple’s rendering engine because of platform restrictions, so Google can’t make any rendering changes there.

Continue reading

Pfizer Claims New COVID-19 Vaccine 90 Percent Effective
Pfizer Claims New COVID-19 Vaccine 90 Percent Effective

There have been a number of COVID-19 vaccines in development in the United States and around the world, and one of them has shown some very positive preliminary results in its Phase 3 trial. One particular vaccine developed by Pfizer and German firm BioNTech appears to be more than 90 percent effective in preventing symptomatic…

Apple’s New M1 SoC Looks Great, Is Not Faster Than 98 Percent of PC Laptops
Apple’s New M1 SoC Looks Great, Is Not Faster Than 98 Percent of PC Laptops

Apple's new M1 silicon really looks amazing, but it isn't faster than 98 percent of the PCs sold last year, despite what the company claims.

Space Mining Gets 400 Percent Boost From Bacteria, ISS Experiments Show
Space Mining Gets 400 Percent Boost From Bacteria, ISS Experiments Show

We'll need lots of raw materials to sustain human endeavors on other planets, and a new project on the International Space Station demonstrates how we can make space mining over 400 percent more efficient.

Cyberpunk 2077’s PC Player Base Has Shrunk 79 Percent Since Launch
Cyberpunk 2077’s PC Player Base Has Shrunk 79 Percent Since Launch

CD Projekt Red's latest game has seen a steep player drop off — steeper than usual for a game of this size — but it's probably not a problem for the title long-term.