Strict site isolation is a new experimental feature of Google's Chrome web browser that ensures that processes are limited to pages from one site.
Chrome's multi-process architecture was introduced with the release of the browse. It improves security and stability of the browser at the expense of computer memory.
Security is improved as it becomes much harder for attackers to interact with content that is in other processes, and stability is improved as a crashing tab won't usually take the whole browser with it or other tabs.
Processes may still be shared in Chrome's default multi-process system. If you navigate to several different web pages in a single tab, these may be opened in a single process. The same is true for embedded web pages using iframes. Both mean that potentially unrelated sites share a single process.
Tip: You can configure Chrome to use one process per site which reduces the browser's memory usage.
Google introduced Strict site isolation mode in Chrome 63 which the company released the other day. The feature is not enabled by default, but available as an experimental flag.
Highly experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-site. Mac, Windows, Linux, Chrome OS, Android
If enabled, Chrome will create new processes for the scenarios mentioned above. Basically, what it means is that Chrome will create new processes for any domain visited by the user.
This improves stability and security further, but it comes at the expense of additional memory requirements. Depending on how the browser is used, memory usage may go up by 20% or even more with Strict site isolation enabled as more processes will be spawned by Chrome.
The feature is available as an experimental flag currently. It is available for all desktop systems -- Windows, Mac and Linux -- as well as ChromeOS and Android.
You can undo the change at any time by repeating the steps, and clicking on the disable button this time.
You may start Chrome with the --site-per-process parameter for the same effect. Just add --site-per-process to Chrome's start to enable Strict Site Isolation in the browser.
The parameter enables the security and stability feature for all sites you visit in the web browser. You can use the startup parameter --isolate-origins to use it for specific sites only, e.g. --isolate-origins=https://www.facebook.com, https://google.com would enable the feature for the two referenced domains.
Users may disable Strict Site Isolation in Chrome in two ways currently:
Chrome is quite memory hungry already, but if you have enough RAM in your machines, you may want to enable the feature to improve stability and security further. You should not enable the feature if the machine you run Chrome on is low on RAM already, or if you don't want to or are allowed to run experimental features on it.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.