The Meltdown and Spectre security bug, affecting the almost every device made in last two decades, is one of the major bug discovered in the history of computers. This bug affects virtually every personal computer CPU, and also mobile devices powered by Intel and ARM chips. Intel has already stated that they are redesigning their upcoming processors to protect against Spectre bug. However, they are showing no interest in patching the older chips. Many software companies are trying to fix this bug by rolling out updates to their software/ operating systems. The recent one is Microsoft, which brings Intel’s Spectre fixes to its Windows update catalog but also slowing down the performance adequately.
Chrome also join this line-up with the latest Chrome 67 release. The Spectre side-channel attacks use the speculative execution features of most processors to access parts of memory that should be restricted. This Chrome release includes a new Site isolation feature that protects against the Spectre side-channel attacks. Unfortunately, it has also increased Chrome RAM usage as site isolation will require the Chrome to handle more environment variables and also generates more rendered processes.
“Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs,” admits Google software engineer Charlie Reis. “There is about a 10-13 percent total memory overhead in real workloads due to the larger number of processes.” Many Chrome users often point out that the browser uses a lot of RAM. An increase of 10% is significant, especially on systems with 4GB of RAM or less and can make a huge performance difference. Also, this feature is turned on by default in the new version of Chrome.
While it’s good news that Chrome has added protection against Spectre side-channel attacks, the browser’s increased memory usage won’t be welcomed by users who have less memory. However, the Google team has promised to work on reducing the impact of this Site Isolation technology. “Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure,” Reis added.
Users can expect similar patches for other browsers like Firefox and Opera.