Ghostbusters in Chrome 67 stop Spectre cross-tab sniffs and more
Enhanced Spectre-protectors will soon come to the Chrome browser, as its desktop stable channel hit version 67.0.3396.62 and upgrades for Windows, Mac and Linux have started to flow.
The Spectre mitigation comes in the form of enhanced site isolation, first introduced in Chrome 63, in which pages from different sites run in sandboxes that block them receiving sensitive data from other sites.
It was designed as a second-layer defence if an attacker found a way around Chrome’s Same Origin Policy, explained here .
The site isolation design document explains that the Spectre mitigation sandboxes site renderer processes.
The design document says when fully-implemented, site isolation will also protect against theft of cookies and stored HTML5 data; cross-site HTML, XML and JSON theft using MIME type and content sniffing; saved password theft; X-Frame compromise; and cross-site DOM element access.
Site isolation remains a trial feature, so it’s optional for users, and the Chrome announcement explains how to disable it if it’s causing problems.
Chrome’s developers also announced 34 other security bug-fixes in Chrome 67, including nine contributed by external researchers and rated high-severity.
There are two in Blink (CVE-2018-6123, a use-after free; and CVE-2018-6124, a type confusion). CVE-2018-6125 tightens up too-loose WebUSB permissions, CVE-2018-6126 is a heap buffer overflow in the Skia graphics engine, CVE-2018-6127 is another use-after-free, this time in indexDB.
CVE-2018-6128 is an iOS-specific universal cross-site scripting bug, there are two WebRTC bugs (CVE-2018-6129 and CVE-2018-6130, both out-of-bounds memory access), and CVE-2018-6131, a WebAssembly mutability protection error. ®
Sponsored: Minds Mastering Machines – Call for papers now open
