New Chrome update will reduce performance, Google admits 

Browsing the internet may be about to feel slower, thanks to an update to the Chrome web browser designed to stop hackers stealing your personal information.

The search company has released the patch to deal with the Meltdown and Spectre design flaws first discovered in January which affected all modern computers.

The update is enabled by default on 99 per cent of Google Chrome users, across all major operating systems, including Windows, Mac, Linux, and ChromeOS.

Google has admitted the latest precautions will come at the expense of speed, with users told the updated security measures could reduce performance by 13 per cent. 

Browsing the internet may be about to feel slower, thanks to an update to the Chrome browser designed to prevent hackers stealing your personal information (stock image)

Google announced the new feature, known as ‘site isolation’, via its security blog.

It has now been added to Chrome 67, the latest version of the browser, and has been rolled-out to 99 per cent of users on Windows, Mac, Linux, and Chrome OS.

The Chrome web browser works by processing individual parts of information in different compartments of its software.

This allows tabs to be operated independently from one another, for example.

To tackle the problems presented by the Meltdown and Spectre vulnerabilities, which let hackers bypass these barriers, Google has added additional partitions to its software.

Meltdown and Spectre are two chipset vulnerabilities, which allow hackers to bypass the hardware barrier between applications run by users and the computer’s internal memory, allowing letting hackers to read sensitive information from the memory.

Meltdown is specific to Intel processors, whereas Spectre affected chipsets from a host of manufacturers, including Intel, AMD and Arm.

Google Chrome now isolates the data available to hackers in each tab using a new site isolation feature, which is included in a key part of the software, dubbed the ‘renderer’.

This converts the code used to create a website into the actual pixels you see on your laptop, tablet or smartphone screen.

Site isolation splits this rendering process into further separate processes, hopefully offering more protection against unwanted intrusion from cyber criminals.

Unfortunately, Chrome users will pay the price for the added security benefits when it comes to raw performance.

This is particularly going to be noticeable when users have a lot of tabs are open, especially running high resolution video and images.

Google's site isolation feature affects  the renderer, which converts the code used to create a website into the actual pixels you see. Site isolation splits this rendering process into further separate process, hopefully offering more protection (pictured)

Google’s site isolation feature affects the renderer, which converts the code used to create a website into the actual pixels you see. Site isolation splits this rendering process into further separate process, hopefully offering more protection (pictured)

HOW DOES GOOGLE’S NEW CHROME SITE ISOLATION SECURITY FEATURE WORK?

Chrome works by processing different bits of information in different compartments of its software.

This allows tabs to operated independently from one another, for example.

To tackle the problems presented by the Meltdown and Spectre vulnerabilities, which let hackers bypass these barriers, Google is adding extra partitions to its approach.

Google’s site isolation feature affects a key part of Chrome, called the renderer.

This converts the code used to create a website into the actual pixels you see on your laptop, tablet or smartphone’s screen.

Site isolation splits this rendering process into further separate process, hopefully offering more protection against unwanted intrusion by cyber criminals.

Unfortunately, the price users pay is Chrome using more memory to run the processes.

This is particularly going to be noticeable if lots of tabs are open, especially with high resolution video and images.

Writing on Google’s security blog, Charlie Reis, site isolator, said: ‘Site Isolation is a large change to Chrome’s architecture that limits each renderer process to documents from a single site. 

‘As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites.

‘Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs.

‘On the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10 to 13 per cent total memory overhead in real workload.

‘Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure.’

Google says the feature has been added to Chrome  67, the latest version of the browser, and has been enabled for 99 per cent of users on Windows, Mac, Linux, and Chrome (logo pictured) OS

Google says the feature has been added to Chrome 67, the latest version of the browser, and has been enabled for 99 per cent of users on Windows, Mac, Linux, and Chrome (logo pictured) OS

WHAT ARE THE MELTDOWN AND SPECTRE DESIGN FLAWS?

Security researchers at Google’s Project Zero computer security analysis team, in conjunction with academic and industry researchers from several countries, exposed the two flaws in January.

Meltdown, which is specific to Intel chips, lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory.

It was first discovered by Project Zero in June last year, when expert Jann Horn found that passwords, encryption keys, and sensitive information open in applications that should have been protected could be accessed.

Details emerged about two massive security flaws which put billions of people worldwide at risk of being hacked. Meltdown and Spectre could let cyber criminals steal data from nearly every computing device containing chips from Intel, AMD and Arm

Meltdown and Spectre could let cyber criminals steal data from nearly every computing device containing chips from Intel, AMD and Arm, putting billions of people worldwide at risk of being hacked

A second bug, called Spectre, affects chips from Intel, AMD and Arm.

This lets hackers potentially trick otherwise error-free applications into giving up secret information.

Project Zero disclosed the Meltdown vulnerability not long after Intel said it’s working to patch it.

Intel says the average computer user won’t experience significant slowdowns as it’s fixed.



Read more at DailyMail.co.uk