Mozilla is currently testing a major new security feature for its Firefox browser which will separate every website into its own process.
Site Isolation is designed to prevent Spectre-like side-channel attacks in the popular open source browser.
In a blog post, Anny Gakhokidze, a Senior Platform Engineer at Mozilla working on Site Isolation, explains that it builds upon a new security architecture that extends current protection mechanisms of the browser by making it load each site in its own operating system process.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- Here’s our roundup of the best web browsers
- These are the best endpoint protection tools
- Check our list of the best firewall apps and services
“To fully protect your private information, a modern web browser not only needs to provide protections on the application layer but also needs to entirely separate the memory space of different sites—the new Site Isolation security architecture in Firefox provides those security guarantees,” writes Gakhokidze.
In the current scheme of things, upon launch Firefox starts a privileged parent process, which further spawns eight processes for web content, and a maximum of two additional semi-privileged web content processes, along with four utility processes for web extensions, GPU operations, networking, and media decoding.
Gakhokidze explains that while separating the content into eight processes is pretty secure in itself, this arrangement still makes it possible for a malicious site to be placed in the same process as another trusted site.
Since all websites inside a process share the same memory, the untrusted site will be able to read the contents of the shared memory. This gets particularly dangerous when you consider the fact that all online ads, and embedded pages are placed into the same process as the parent page.
However, with Site Isolation, not only will all websites exist in their own process, each of the embedded elements that are not part of the same site will also be allocated their own processes.
Besides the security benefits of such an arrangement, Gakhokidze also lists a few other advantages as well.
For starters, using more processes to load websites will enable Firefox to efficiently use available resources by spreading work across different CPU cores. Also, thanks to the siloed approach, tab crashes will not have any impact on websites loaded in different processes.
The Site Isolation feature is currently being tested in nightly and beta builds of the browser, and will make its way into the stable release when the developers consider it to be stable.
- Protect your devices with these best antivirus software