What Chrome users should do following Spectre vulnerability图片展示
What Chrome users should do following Spectre vulnerability视频展示
What Chrome users should do following Spectre vulnerability详情
The new year kicked off with a bang on Jan. 3 when security researchers revealed two major software vulnerabilities that affect, to some extent, most types of computer processors on the planet. Laptops, desktops, Chromebooks, smartphones, and enterprise machines are all potentially at risk, theoretically allowing attackers exploiting what have been dubbed Meltdown and Spectre to steal your passwords and other sensitive data.
And while the ultimate fix may be a costly hardware one, there are steps you can take today to at least mitigate your risk. If you're a Chrome user in particular, Google has one very specific recommendation for protecting against Spectre.
Now here's the rare dash of good news: It's super easy to implement.
SEE ALSO:Google says it's got your back on major CPU vulnerabilityBuried within Google's lengthy (and informative!) blog post on its response to Spectre (Variant 1 and 2) and Meltdown (Variant 3) is a link to a page listing the "mitigation status" of affected products. Essentially, this page lists out all the Google services that are at risk, and what steps the company has taken to address that risk. In some cases, it includes stuff you have to do yourself.
Notably, this doesn't mean that doing these things will 100 percent protect you, but, taken in the aggregate, they represent a line of defense against some seriously big security holes.
This is where we come back to Chrome, and a little something called Site Isolation. According to The Chromium Projects, and this gets technical pretty quickly, "[Site Isolation] makes it harder for untrusted websites to access or steal information from your accounts on other websites."
That sounds good, especially considering that a Google spokesperson told Mashable via email that "Variant 1 (Spectre) can be used in Javascript to pull secrets from a user's browser, by attacking the process memory of the browser."
"The Site Isolation protection loads each individual remote website in a separate process," continued the spokesperson. "By doing so, if a user runs into an attack from a bad site, the process memory for the site the user is trying to reach is unavailable to be attacked. That way, your login secrets for one site cannot be stolen by another."
This is definitely a welcome additional layer of security. So, how to enable it? In Chrome, go to chrome://flags/#enable-site-per-process and click "enable" on "Strict site isolation." You'll need to restart your browser, but otherwise that's it.
Pretty simple, right?
We also reached out to Google to determine if this will have any adverse affects on your browsing experience — say, reduced speeds — and were pleased to hear that we shouldn't really worry about that.
"The performance loss for Chrome specifically should be negligible," the spokesperson assured us.
So, yeah, download all your patches and enable Site Isolation on Chrome. Your data will thank you.
This story has been updated with additional comment from Google.
Featured Video For You
The most difficult kind of computer systems to hack
TopicsCybersecurityGoogleIntel