Chrome site isolation option offers more security

Chrome 63, which was promoted to the stable release channel on Wednesday, comes with many security fixes and improvements, especially for the enterprise audience.

Chrome site isolation

Site Isolation

The biggest news is Site Isolation. Enterprise IT administrators can now make it so that Chrome renders content for each open website in a separate process, isolated from other websites.

Site isolation can be turned on for all websites, or for a list of specific websites (e.g. sites that users log in to, or sites that contain sensitive information like productivity sites or intranet sites).

If they choose not to enable either of these two isolation policies, Chrome will continue with its old policy: one tab, one process (there are caveats, though, e.g. different sites may share processes with each other and cross-site iframes may be rendered in the same process as their parent page).

The goal of site isolation is to create an additional security boundary between websites, so it makes sure that a new process is started each time a new domain is visited.

But, this increased security comes with a price: Site Isolation will increase Chrome memory usage by 10 to 20 percent.

Restricting extensions based on required permissions

In addition to whitelisting and blacklisting specific extensions, IT admins will, from now on, be able to block the use of Chrome extensions based on which permissions they ask:

Chrome site isolation

“For example, through policy, IT can now block all extensions that require the use of a webcam or microphone, or those that require access to reading or changing data on the websites visited,” Matt Blumberg, Product Manager, Chrome Enterprise, explained.

Chrome 63 also comes with support for TLS 1.3, the most recent version of the Transport Layer Security cryptographic protocol. For now, though, it will only be enabled for Gmail.

Don't miss