Google has outlined the issue of zero day threats to its Chrome browser in a recent blogpost. As per data compiled by the tech giants Project Zero team, these attacks have increased since 2019.
Google says that with the multilayer Site Isolation in Chrome, a single bug is “almost never” sufficient to do anything really bad and that attackers would need to use multiple bugs to either compromise the renderer process or get inside the Chrome browser process or inside the OS itself.
Site Isolation is a security feature in Chrome which offers an extra level of security against attacks from untrustworthy websites.It uses the browser’s sandbox to make it more difficult for suspicious websites to access or steal information from users accounts on other websites.
The process of Site Isolation involves putting the pages from different websites into different processes, each running in a sandbox that limits what the process is allowed to do, so that it becomes difficult for a malicious website to steal data from other websites, explains Google.
Site Isolation is, in Google’s own words, implemented in the following way:
“Cross-site documents are always put into a different process, whether the navigation is in the current tab, a new tab, or an iframe (i.e., one web page embedded inside another).
Cross-site data (such as HTML, XML, JSON, and PDF files) is not delivered to a web page’s process unless the server says it should be allowed (using CORS).
Security checks in the browser process can detect and terminate a misbehaving renderer process (only on desktop platforms for the time being).”
Google has also advised all the users to keep updating their Chrome browser as the bugs that are already patched can still be used by hackers to target older Chrome versions.
The tech giant said that it is going to further strengthen Site Isolation, keeping Android in main focus, and also add more security layers to make the Chrome browser shields more formidable.The addition of extra layers would make a single bug mostly ineffective and it would require multiple, chained bugs to be able to cause harm.
