Chrome to become Slower, Use More Memory to Tackle Malware

Google is updating the Chrome browser to give it better defenses against major security threats. It comes at the price of reduced performance and a larger memory footprint.

The changes are to address two security bugs labeled Meltdown and Spectre by researchers. They take advantage of a flaw in almost every computer processor built since 1995, which is (as of this day) 100% of all computers, tablets, smartphones, laptops - and anything else that uses a processor.

The flaw is in regard to a processor feature, which is designed to speed up a computer's response time. It works by using spare capacity to guess what tasks are likely to be asked by the user (or programs) to perform next, and then carries out the calculations in advance. This is referred to as speculative computation, or speculative execution.

Unfortunately this process meant some data that's meant to be kept completely isolated could be seen by rogue software - including information such as passwords or personal details. One such threat came from an open web page in a browser, which was then able to access data from another open page.

Site Isolation Limits Risk

After tests among business users, Google is now rolling out a Chrome security feature named Site Isolation. It deals with what happens when two open tabs in Chrome share information, for example when one page opens up a new tab through a pop-up window.

Until now, Chrome has allowed two tabs connected in this way to share the same "process", meaning the computer's processor treats them as a single task to which it can allocate resources.

With Site Isolation, this will now only happen if Chrome is absolutely certain that both tabs are from the same website, removing the risk of a rogue site accessing data from a legitimate one. (Source: chromium.org)

Rollout For The 99 Percent

The downside is that adding Site Isolation will make Chrome a little less efficient, as this means it will need to run more processes. In turn, that will mean the browser will use somewhere between 10 and 13 percent more memory, which may mean that Chrome and other computer applications are slower to respond. Google says it's working to reduce this impact. (Source: googleblog.com)

The update will now be rolled out to 99 percent of Chrome users across all operating systems except for the Android operating system (which Google is still working on). The remaining one percent will still get the update, but Site Isolation will be disabled, with Google using it as a control group to check the impact on performance.

What's Your Opinion?

Is a performance slowdown an acceptable price for increased security? Should the update be optional? Should the rollout go to every user immediately without any control group?