Chrome has a new security feature - Site Isolation Details below "Site Isolation offers a second line of defense to make such attacks less likely to succeed. It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do. It also blocks the process from receiving certain types of sensitive documents from other sites. As a result, a malicious website will find it more difficult to steal data from other sites, even if it can break some of the rules in its own process." http://www.chromium.org/Home/chromium-security/site-isolation I was wondering if this security feature within Chrome may have an impact to security addons by antivirus vendors. ie. Kaspersky has a Protection addon that allows private browsing by blocking beacons, analytics, etc.
I would love to see a "heads up" versus this new feature with Incognito mode! I am fond of unique profiles running in Incognito mode. Not a major Chrome user, but I do use it for some places that just run better than when using Quantum, since some sites just love Chrome giving it their full support.
With all this fileless malware beginning to surface, not to mention malicious scripts, anything that can help is a bonus. But will it messs with your security installed ?
I've had it enabled for several weeks on 2 fast machines and have noticed no impact in terms of RAM or speed. I'm using Avira Pro without any add on so I can't answer your question, but I haven't seen any strange behaviour.
@Mover It's been some days since you first asked and no specific answer to your specific question. I think there's no other choice than try it for yourself.
Firstly it's not new feature. It have been there since I came to Wilders, so maybe around 2013, in that time it required --enable-strict-site-isolation flag and I've been using it from that time. Addons run in its own sandbox and communicate with renderer processes via IPC. These addons already intarct well with each tabs which runs in its own process, so I see no reason site isolation suddenly break that. But this feature OTOH can break some sites, I have experienced it tho quite rare. Also, I believe main target of site isolation is web based attack such as XSS or CSRF, tho theoretically it can prevent some fileless in-memory malware which is actually just a RCE with cookie or other credential theft capability (not to mention Spectre/Meltdown).
It was local commodity(?) site, like very smaller version of Amazon (I don't know how I should call that in English, sorry). I couldn't go to shopping cart or couldn't pay, tho don't remember well. Woops, well I was too hasty. Traditional XSS or CSRF bypasses SOP by design, but there can be browser bug which can cause the same effect. Anyway, I was wrong. Thx to point out.