Google Chrome Portable 63.0.3239.132 Stable (web browser) Released (January 5, 2018) (PortableApps.com)
Google Chrome to Get Meltdown and Spectre Patches on January 23 A method to remain protect already exists though (Jan 5, 2018 10:53 GMT)
Good job with the heads up on how to enable Strict site isolation, mood! Much appreciated, and now in place.
I've been using Site Isolation for a couple of months now and have experienced literally zero issues with it. It does add more chrome.exe processes in general, but with the amount of RAM that systems have these days I would much rather use more RAM and have better security, efficiency and performance. I'm guessing that Google's Chrome security team will likely push for Site Isolation on by default within the next stable release or two, hopefully. Also, it's interesting to view all of the additional "Subframe:" processes from Site Isolation using Chrome's own Task Manager (Shift+Esc). I assume that those Subframe processes are spawned by iframes and similar web features to isolate the main site processes from third party sites which are often embedded in most sites these days. I am All In when it comes to Site Isolation in Chrome/Chromium. This is something that no other browser has yet and is a huge advantage for security and privacy of user information. Sure, Edge has Windows Defender Application Guard (hypervisor / mini virtual machine) segregation but that is limited by platform and has much more resource usage demands. Thank you @mood for always keeping everyone here up-to-date on the latest and greatest!
Same here. Question. When the new Chrome comes out is Site Isolation turned on by default? Will we need to undo this when Chrome 64 rolls out? Inquiring minds want to know.
No, I don't think so. At least that is not the plans anyway. Site Isolation involved a couple of years worth of development and, from an "under-the-hood" perspective, represents quite a large architectural design change to Chrome's multi-process design. But the good thing is that the recent Meltdown/Spectre fiasco in the news has also brought a lot of attention to Site Isolation with many news articles and blogs written specifically about how to enable it. So that means there are now a great amount of users running Chrome with Site Isolation and therefore the development team will be receiving a lot more usage telemetry and bug reports which will in turn speed up overall development and make for a more stable and efficient Site Isolation once it does become enabled by default. I believe that there is a possibility that Chrome developers could experiment more with Site Isolation by enabling experimentation with, for example 10% of userbase or 25% or similar. That would likely be the next step before enabling by default. There is more AppContainer sandbox hardening coming up for Chrome as well which I am excited about, but that is an ongoing effort and may be another release or two away still. The plan is to have every chrome.exe process contained within individual AppContainer sandboxes. Great stuff on the horizon.
Wow that is some awesome news. Thanks for the news and insight. It seems that Google still has not updated Chrome. I thought an update was supposed to drop yesterday. So in my case, I do have Site Isolation enabled. When the update does get released, nothing for me to do further correct? I am speaking more so about Meltdown/Spectre protection. Thanks man.
So how exactly is this site isolation any different from how chrome handles different sites now?..i have not researched this feature so i was under the impression that chrome isolated different tabs as standard,
New in Chrome 64: ResizeObservers, Named Captures, import.meta and more! https://www.youtube.com/watch?v=y5sb-icqOyg
@mood Re Chrome 64.0.3282.119 I received this rss feed: https://chromereleases.googleblog.c...GoogleChromeReleases (Google Chrome Releases) Isn't this version on the beta channel not stable?
According to my "source" it is in the stable section. And "Just updated to Chrome 64 via the internal updater." #1391 + "I got this via the stable channel..." (source) I'll put the post above on hold.
Same thing happened with version 63. If it's offered on Stable channel then it's a Stable release. Was enabled because you enabled it in previous version. Strict site isolation is Disabled by Default on version 64.
Chrome 64 is the first Stable branch build that has been built with clang compiler. No more PGO builds, unfortunately. As can been seen via: chrome://version/ At the bottom beside: Compiler:
Yup so much this. Also if this is supposed to be an update to help with Spectre, why is this not turned on by default? Makes no sense to me.
Stable Channel Update for Desktop https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html