Google’s Chrome browser is undergoing a major architectural change to enable a protection designed to blunt the threat of attacks related to the Spectre vulnerability in computer processors. If left unchecked by browsers or operating systems, such attacks may allow hackers to pluck passwords or other sensitive data out of computer memory when targets visit malicious sites.
Site isolation, as the mitigation is known, segregates code and data from each Internet domain into their own “renderer processes,” which are individual browser tasks that aren’t allowed to interact with each other. As a result, a page located at arstechnica.com that embeds ads from doubleclick.net will load content into two separate renderer processes, one for each domain. The protection, however, comes at a cost. It consumes an additional 10 to 13 percent of total memory. Some of the performance hit can be offset by smaller and shorter-lived renderer processes. Site isolation will also allow Chrome to re-enable more precise timers, which Google and most other browser makers disabled earlier this year to decrease chances of successful attacks.
Open about 15 tabs of your typical JavaScript-bloated modern website and you will quickly be using many gigabytes of memory due to each tab being its own process.
Now it’s another 20% thanks to broken CPU architecture! Hilarious
The Firefox devs are working on something similar and have set themselves a target of getting the base memory requirement for a content process down to 10MiB “in order to keep the extra overhead from Fission below 1GB” in their test target of 100 content processes.
https://groups.google.com/forum/#!topic/firefox-dev/PpZBuRaRkuE
Edited 2018-07-13 18:35 UTC
On the plus side, the architecture of Chrome will be even more suited to multicore CPUs, with more of the rendering of a page spread to multiple threads.
zima,
Is there any advantage for a typical workload though? IMHO, those background tabs don’t need any CPU whatsoever…let them starve until I choose to display them. As for a single tab, most of it is single threaded by nature. Browsers support parallel web workers, but it doesn’t do anything for the majority of websites in existence.
IMHO placing the burden of fixing Spectre on software vendors is a stop-gap measure at best, and the underlying vulnerabilities will continue to pose a threat to the industry until the affected hardware is physically replaced.
Well, the description here suggests that there will be multiple processes also for a single tab… Oh well, we’ll see.