Chrome RAM usage up more than 10 percent with new Spectre fix

[Matrix]

Chrome feeling a bit sluggish? It's not just you

Bottom line: Most web browsers have a reputation of being memory hogs and this certainly won't help their image. In this instance, however, Google is doing the right thing by sacrificing performance in the name of security. Hopefully, the Chrome team will be able to offset the hit in a future tune-up.

Google recently enabled a new security feature as part of Chrome 67 that aims to mitigate speculative execution side-channel attacks like Spectre. It’s good news for security but as we’ve seen with other fixes, it’ll cost you in terms of system resources.

As you may recall, such attacks use the speculative execution features of most processors to access sections of memory that should be off-limits to a piece of code. From there, timing attacks can be used to uncover the values stored in the memory meaning malicious code may be able to read any memory stored in its process’ address space.

According to Google engineer Charlie Reis, a website could use an attack like this to steal information from other websites which violates the Same Origin Policy.

All major browsers have already deployed some form of mitigations for Spectre but as Reis points out, Google believes the most effective mitigation is offered by approaches like Site Isolation.

With Site Isolation, enabled by default for 99 percent of desktop Chrome users (Windows, Mac, Linux and Chrome OS) running the latest version of Google’s web browser, each rendered process contains documents from one site at most. As a result, Reis notes, Chrome can rely on the operating system to prevent attacks between processes and between sites.

Chrome has always had a multi-process architecture where different tabs could use different renderer processes. A given tab could even switch processes when navigating to a new site in some cases. However, it was still possible for an attacker's page to share a process with a victim's page. For example, cross-site iframes and cross-site pop-ups typically stayed in the same process as the page that created them. This would allow a successful Spectre attack to read data (e.g., cookies, passwords, etc.) belonging to other frames or pop-ups in its process.

When enabled, all navigations to cross-site documents cause a tab to switch processes and puts all cross-site iframes into a different process than their parent frame, using “out-of-process iframes.”

Site Isolation is a significant change to how Chrome works under the hood and although each renderer process is smaller, shorter-lived and has less contention internally, it does create a larger number of processes which results in a 10-13 percent total memory overhead in real world workloads.

Reis said it generally shouldn’t cause visible changes for most users or web browsers outside of a few known issues but still, that’s a significant performance penalty, especially on a machine that may already be light in terms of RAM.

Google is working to optimize the security feature to keep Chrome both fast and secure and plans to add experimental enterprise policies for enabling Site Isolation in Chrome 68 for Android.

source

[MagicSahar]

You can check on your PC either your chrome is eating more ram or not.

 

First copy this link and past into address bar of chrome

 

chrome://flags/#enable-site-per-process

 

Check for strick site isolation and if it is enabled as shown in this picture

 

Disable it and Chrome will not eat 13% more of RAM

 

See the second picture.