Web Browser Tips & Tricks
Google Chrome : Enable the Strict Site Isolation Option (enable-site-per-process)
In this video I will show you how I enable Google Chrome's Strict Site Isolation Option, also known as the Site Per Process Option. This is an experimental feature in Google Chrome and may have some adverse effects in certain use-case scenarios, which I do my best to describe later in this video. I would do this on any type of Computer Hardware that has Google Chrome installed on it: Mac, Windows, Smart-phones or All-in-ones. The reason for doing this is the recent disclosure of the exploits Meltdown and Spectre. This will only help protect Information while using Chrome and only against variant 1 of Spectre.
In order to turn the Feature on:
Open Google Chrome on whatever Device it is installed on and in the Address Bar type: chrome://flags then press the Enter Key.
Once that Page has opened, go to the Customize and Control Google Chrome Button or Menu in the top left corner of the Browser, (select) it … then (select) Find, or Find in Page if on an Android Device.
In the Search Box type the word: Isolation
You should now see all the options that contain the word "Isolation" highlighted.
Go to the one with the Heading of "Strict Site Isolation" and click the Link at the bottom of the Option Description that now reads "Enable" so that it is changed to "Disable", thereby enabling the Option, of course.
Right above the "Disable" link that I changed from "Enable" is a Link that reads "#enable-site-per-process"; right-click it and choose "Copy Link Address". You can use this after Chrome re-starts to quickly double-check the Setting to make sure it's set as desired.
You will notice that Google Chrome will pop-up an Action Button at the bottom of the Browser asking you to "Relaunch Now" in order for the changes to take effect. Click it.
Once the Web Browser has re-started, go back to the Address Bar, paste-in the Link that was copied and make sure it was applied properly. Again, I'd do this on any Device running Google Chrome and do my Web Surfing in Google Chrome until the Hardware Companies, i.e. Intel, AMD and ARM, can roll-out patches to third-party Vendors such as Dell, HP and so forth.
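One way to double-check the same setting from outside the browser, as an added example that is not part of the original video notes: the script reads Chrome's "Local State" file and reports whether the enable-site-per-process flag is recorded there. The file locations, the `browser.enabled_labs_experiments` key and the `@1`/`@2` suffix handling are assumptions about desktop Chrome and are not shown in the video.

```python
import json
from pathlib import Path

FLAG = "enable-site-per-process"  # flag name from the chrome://flags link
SAMPLE = '{"browser": {"enabled_labs_experiments": ["enable-site-per-process"]}}'  # constructed

# Assumed default desktop locations of Chrome's "Local State" file.
CANDIDATES = [
    Path.home() / "AppData/Local/Google/Chrome/User Data/Local State",      # Windows
    Path.home() / "Library/Application Support/Google/Chrome/Local State",  # macOS
    Path.home() / ".config/google-chrome/Local State",                      # Linux
]

def flag_state(local_state_text, flag=FLAG):
    """Return 'enabled', 'disabled', 'default' or 'unreadable' for one flag."""
    try:
        prefs = json.loads(local_state_text)
    except (TypeError, ValueError):
        return "unreadable"
    if not isinstance(prefs, dict):
        return "unreadable"
    browser = prefs.get("browser", {})
    entries = browser.get("enabled_labs_experiments", []) if isinstance(browser, dict) else None
    if not isinstance(entries, list):
        return "unreadable"
    for entry in entries:
        if not isinstance(entry, str):
            continue
        name, _, choice = entry.partition("@")
        if name != flag:
            continue
        # Assumption: a bare name (or "@1") means Enabled, "@2" means Disabled.
        if choice in ("", "1"):
            return "enabled"
        return "disabled" if choice == "2" else "default"
    return "default"  # flag was never changed on chrome://flags

def check_installed():
    """Map each Local State file found on this machine to the flag's state."""
    found = {}
    for path in CANDIDATES:
        if path.is_file():
            found[str(path)] = flag_state(path.read_text(encoding="utf-8", errors="replace"))
    return found

if __name__ == "__main__":
    print(f"constructed sample: {FLAG} is {flag_state(SAMPLE)}")
    results = check_installed() or {"(no Local State file found)": "unknown"}
    for path, state in results.items():
        print(f"{path}: {FLAG} is {state}")
```

A result of "default" means the flag was never changed on chrome://flags for that installation, so the steps above still need to be carried out there.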
With that said, if a Computer is running the Windows 10 Creators Update Operating System (1703 or 1709) and it has been patched with the KB4056891 or KB4056892 Patches, to my understanding you should be OK to Browse with Microsoft's Edge Browser with a similar mitigation as "Per Site Isolation" with added mitigation to the way the Kernel of the Operating System handles Data, which should give you further protection from all variants of Spectre and Meltdown.
These are mere mitigations, not fixes; the fixes will have to come from the Hardware Vendors. These mitigations also come with a Performance Price. Now as far as turning-on Site Isolation in Chrome, it has a couple of caveats: Certain Developer Features will be hindered or un-available with it running, some i-Frames may not print when printing a Web Page and there will be a Browsing Performance Hit across the board. A small Price to pay, in my opinion.
There have also been reports of the Patches released from Microsoft not Installing properly and/or having conflicts with certain third-party Anti-virus Solutions. I have updated Windows 10 Creators Update version 1703 running only Windows Defender AV with no issues and very little performance degradation.
What to do after all this? Keep an eye on your Computer's Manufacturer's Website for BIOS or other Firmware Updates, as these will likely be where the fixes come from.
* Requires the Google Chrome Web Browser to be installed. An Internet Connection is optional. *