Strict site isolation - surprise.
-
Given the current [& escalating] global hullabaloo about Meltdown & Spectre [white pussycat not included], this morning i read this https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/
"*According to Google, Chrome will receive mitigations to protect against Meltdown and Spectre exploitation in Chrome 64, due to be released on January 23.
Until then, Google recommends that users enable a new security feature it shipped in Chrome 63, called Strict Site Isolation*."
So in my V [latest] SS & Stable i went to Flags & was amazed to find that this flag IS present, despite both V's being only Chromium 62 not 63. I activated it in both & restarted both; so far the memory consumption increase seems marginal if anything... maybe it's not really functional yet? The flipside of my surprise re this flag being already in V, is that i also checked my Chromium, which is already at 63, yet it does not have this flag. Weird.
Update: Phew, now i feel slightly less bad; just read this penultimate paragraph [i have been reading widely on this problem for the past 2 days, yet this para in this article is the first time i've seen this critically important info] ... https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
"For typical desktop users, the risk is arguably less significant. While both Meltdown and Spectre can have value in expanding the scope of an existing flaw, neither one is sufficient on its own to, for example, break out of a Web browser."
-
Here is a list of antivirus companies and their reactions to this problem. Microsoft also provides a security patch related to this problem on January 3:
https://docs.google.com/spreadsheets/u/2/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview
-
I enabled Strict site isolation. So far, no issues, no performance drop at all. I use Linux, not sure if that means anything.
-
@felemur said in Strict site isolation - surprise.:
I use Linux, not sure if that means anything.
Certainly it does... it means everything... freedom, liberty, choice, flexibility, customisability, portability, creativity, fun...
-
Just as an aside, & though i confess it might not have direct benefit for these two latest issues, i personally recommend all Linux users here should very seriously consider no longer running V & their other browsers if any, "naked". For those not already doing so, IMO you should install Firejail, & thereafter run all your browsers [& frankly all other internet-facing pgms] in the FJ sandbox. It's incredibly easy to use; once installed [either from your Repo, or from the FJ Dev's site https://firejail.wordpress.com/] you simply launch it thus [eg, V SS]:
firejail -- vivaldi-snapshot
Or if you like running the cache in /tmp [particularly good if your /tmp is mounted as a ram-drive]:
firejail -- vivaldi-snapshot --disk-cache-dir=/tmp/vivaldi-snapshot-cache
IMO there's little downside, but much upside, in this precaution.
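
The launch described in the post above, written as a small wrapper. This is an added example, not part of the original post or of Firejail itself. The helper names (`tmp_is_ramdrive`, `cache_arg`, `launch_sandboxed`) are hypothetical. It adds the `/tmp` cache option only when `/tmp` really is RAM-backed, and refuses to start the browser unsandboxed if Firejail is missing:

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not Firejail or Vivaldi code.

# tmp_is_ramdrive [MOUNTS_FILE]
# Succeeds when the mount table lists /tmp as tmpfs or ramfs.
# MOUNTS_FILE defaults to /proc/mounts; the parameter lets the check be
# exercised against a constructed table.
tmp_is_ramdrive() {
    mounts=${1:-/proc/mounts}
    [ -r "$mounts" ] || return 1
    # Fields: device mountpoint fstype options ...; the last /tmp entry wins.
    awk '$2 == "/tmp" { t = $3 }
         END { exit !(t == "tmpfs" || t == "ramfs") }' "$mounts"
}

# cache_arg BROWSER [MOUNTS_FILE]
# Prints the --disk-cache-dir option from the post when /tmp is a
# ram-drive, and prints nothing otherwise.
cache_arg() {
    if tmp_is_ramdrive "${2:-/proc/mounts}"; then
        printf '%s' "--disk-cache-dir=/tmp/$1-cache"
    fi
}

# launch_sandboxed BROWSER
# Replaces the shell with the browser running inside Firejail.
launch_sandboxed() {
    command -v firejail >/dev/null 2>&1 || {
        echo "firejail not found; refusing to start $1 unsandboxed" >&2
        return 127
    }
    arg=$(cache_arg "$1")
    # ${arg:+"$arg"} expands to nothing when no cache option applies.
    exec firejail -- "$1" ${arg:+"$arg"}
}

# Usage: launch_sandboxed vivaldi-snapshot
```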
-
Tonight i have had to DISABLE the Strict site isolation Flag again. Reason = it was the root-cause of the chronic problem of V crashing when refreshing Speed-dial thumbnails. With that Flag once more Disabled, no more crashes.
More info ... https://forum.vivaldi.net/post/195150
-