Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users


Google has enabled a security feature called "Site Isolation" by default in its web browser with the release of Chrome 67 for all desktop users, to help protect them against many online threats, including Spectre and Meltdown attacks. Site Isolation is a feature of the Google Chrome web browser that adds an additional security boundary between websites by ensuring that different sites are always put into separate processes, isolated from each other.

Since each site in the browser gets its own sandboxed process, the feature makes it harder for untrusted websites to access or steal information from your accounts on other websites. In January this year, when Google Project Zero researchers disclosed details of the Spectre and Meltdown CPU vulnerabilities, the tech giant recommended that Chrome desktop users manually turn on the Site Isolation feature on their devices to mitigate speculative side-channel attacks.

Following the discovery of various Spectre variants and sub-variants, Google has now enabled this security feature by default for 99% of Chrome desktop users on Windows, Mac, Linux, and Chrome OS. Given the broad scope of this new change, the company is keeping a 1 percent holdback, for now, to monitor and improve performance. Google is also investigating ways to extend the Site Isolation feature to Chrome for Android, its mobile platform "where there are additional known issues," but Android users can enable the feature manually.

Since browsers generally allow pages to embed images and scripts from any site, Google has also added a mechanism called Cross-Origin Read Blocking (CORB) to the Site Isolation feature that "tell browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin." It should be noted that the additional processes generated by Site Isolation could cause Chrome to use more memory, but Google promises to optimize this behavior to keep its browser fast.
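For site operators, Chromium's developer guidance on CORB is to serve HTML, XML and JSON responses with the correct Content-Type and with X-Content-Type-Options: nosniff. The following audit of response headers is an added example, not code from the article or from Chrome; it is a simplified model of that guidance, and the paths and headers in it are constructed.

```python
# Added example: simplified model of which responses CORB can protect.
# Not Chrome's implementation; sample paths and headers are constructed.

def corb_category(content_type):
    """Return 'html', 'xml' or 'json' for a CORB-protected MIME type, else None."""
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime == "image/svg+xml":  # SVG stays embeddable as a cross-origin image
        return None
    if mime == "text/html":
        return "html"
    if mime in ("text/xml", "application/xml") or mime.endswith("+xml"):
        return "xml"
    if mime in ("text/json", "application/json") or mime.endswith("+json"):
        return "json"
    return None


def audit(headers):
    """Classify one response as 'protected', 'sniff-dependent' or 'not-covered'."""
    h = {k.lower(): v for k, v in headers.items()}
    if corb_category(h.get("content-type", "")) is None:
        return "not-covered"      # mislabelled data gets no CORB protection
    if h.get("x-content-type-options", "").strip().lower() == "nosniff":
        return "protected"        # decided from the declared type alone
    return "sniff-dependent"      # browser must first confirm the body's type


SAMPLE_RESPONSES = {  # constructed for illustration
    "/api/account": {"Content-Type": "application/json; charset=utf-8",
                     "X-Content-Type-Options": "nosniff"},
    "/profile": {"Content-Type": "text/html"},
    "/export": {"Content-Type": "application/octet-stream"},  # JSON, wrong type
    "/logo.svg": {"Content-Type": "image/svg+xml",
                  "X-Content-Type-Options": "nosniff"},
}


def report(responses):
    """Map each path to its audit verdict."""
    return {path: audit(h) for path, h in responses.items()}


if __name__ == "__main__":
    for path, verdict in report(SAMPLE_RESPONSES).items():
        print(f"{verdict:16} {path}")
```

Responses reported as not-covered or sniff-dependent that carry account data are the ones to fix first, by correcting the Content-Type and adding the nosniff header.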