Google extends Site Isolation feature to Android users with Chrome 77 update

The feature was introduced in May 2018 for Chrome desktop users

Google has expanded Chrome's Site Isolation feature to Android users.

The feature was first introduced by Google in May 2018 with Chrome for desktops (Chrome 67) browser, but it is now being rolled out to Android users accessing the internet with the Chrome browser.

Google developed the Site Isolation feature to add an extra line of defence against Spectre and Meltdown-like side-channel attacks, and to prevent malicious websites and attackers from stealing sensitive information, such as passwords and authentication cookies, stored in the browser.

Site Isolation ensured that pages from different websites end up in different sandboxed processes in the browser.

The feature was effective in providing protections against Spectre and Meltdown - two CPU vulnerabilities that were discovered in 2018 and allowed malicious websites to launch speculative side-channel attacks directly from the browser.

In May 2018, Google rolled out Site Isolation to desktop users with release of Chrome 67, reaching 99 per cent coverage by July 2018. The company also promised to extend the feature for Chrome users on Android.

According to Google, it has now enabled site Isolation feature for 99 per cent of the Chrome Android userbase that has a smartphone with minimum 2GB RAM.

On these devices, Chrome 77 will spin a site (which users visit and enter passwords) into its own process.

Users can also enable Site Isolation for all sites, although it would incur a higher RAM overhead, Google says.

With Chrome 77, Site Isolation on desktops will also protect users against a wider range of attacks.

"Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors," Google engineers said in a blog post.

According to Google, the feature will also prevent access to more data types, including network data, stored data and permissions, and cross-origin messaging.