How to enable Strict site isolation mode in Google Chrome
Strict site isolation is a new experimental feature of Google's Chrome web browser that ensures that processes are limited to pages from one site.
Chrome's multi-process architecture was introduced with the release of the browser. It improves security and stability of the browser at the expense of computer memory.
Security is improved as it becomes much harder for attackers to interact with content that is in other processes, and stability is improved as a crashing tab won't usually take the whole browser or other tabs with it.
Processes may still be shared in Chrome's default multi-process system. If you navigate to several different web pages in a single tab, these may be opened in a single process. The same is true for embedded web pages using iframes. Both mean that potentially unrelated sites share a single process.
Tip: You can configure Chrome to use one process per site which reduces the browser's memory usage.
Strict site isolation
Google introduced Strict site isolation mode in Chrome 63 which the company released the other day. The feature is not enabled by default, but available as an experimental flag.
Highly experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-site. Mac, Windows, Linux, Chrome OS, Android
If enabled, Chrome will create new processes for the scenarios mentioned above. Basically, what it means is that Chrome will create new processes for any domain visited by the user.
This improves stability and security further, but it comes at the expense of additional memory requirements. Depending on how the browser is used, memory usage may go up by 20% or even more with Strict site isolation enabled as more processes will be spawned by Chrome.
How to enable Strict site isolation
The feature is available as an experimental flag currently. It is available for all desktop systems -- Windows, Mac and Linux -- as well as ChromeOS and Android.
- Load chrome://flags/#enable-site-per-process in Chrome's address bar to jump straight to it.
- Click on the "enable" button to change its state.
- Restart the Chrome browser.
You can undo the change at any time by repeating the steps, and clicking on the disable button this time.
You may start Chrome with the --site-per-process parameter for the same effect. Add --site-per-process to Chrome's startup command to enable Strict Site Isolation in the browser.
The parameter enables the security and stability feature for all sites you visit in the web browser. You can use the startup parameter --isolate-origins to use it for specific sites only, e.g. --isolate-origins=https://www.facebook.com,https://google.com would enable the feature for the two referenced domains. The list is comma-separated and must not contain spaces.
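An added example, not from the original article: a small shell helper that builds the --isolate-origins value from a list of sites, joining them with commas and no spaces (an unquoted space would make the shell pass the second origin as a separate argument) and rejecting entries that are not bare scheme://host origins. The function names, the strict validation and the google-chrome binary name in the comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: build Chrome's --isolate-origins argument safely.
# normalize_origin and build_isolate_origins_arg are hypothetical helper names.

# Accept only http(s)://host[:port]; tolerate one trailing slash.
# Runs in a subshell "( )" so its variables do not leak to the caller.
normalize_origin() (
    o=${1%/}
    case "$o" in
        http://*|https://*) ;;
        *) exit 1 ;;                      # missing or unsupported scheme
    esac
    rest=${o#*://}
    case "$rest" in
        ''|*/*|*\?*|*\#*|*@*) exit 1 ;;   # empty host, path, query, fragment, userinfo
    esac
    printf '%s' "$o"
)

# Takes origins as separate arguments and/or as "a, b" style lists and
# prints a single argument with a comma-separated list and no spaces.
build_isolate_origins_arg() (
    set -f                                # no filename globbing while splitting
    list=
    for entry in $(printf '%s\n' "$@" | tr ',' '\n'); do
        origin=$(normalize_origin "$entry") || {
            echo "not an origin: $entry" >&2
            exit 1
        }
        list=${list:+$list,}$origin
    done
    [ -n "$list" ] || exit 1              # nothing to isolate
    printf '%s' "--isolate-origins=$list"
)

# Usage (binary name is an assumption; it differs per platform):
#   google-chrome "$(build_isolate_origins_arg https://www.facebook.com https://google.com)"
```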
Users may disable Strict Site Isolation in Chrome in two ways currently:
- Load chrome://flags#enable-site-per-process and set the flag to disabled.
- Load chrome://flags#site-isolation-trial-opt-out and set the flag to Opt-out (not recommended).
Chrome is quite memory hungry already, but if you have enough RAM in your machine, you may want to enable the feature to improve stability and security further. You should not enable the feature if the machine you run Chrome on is low on RAM already, or if you don't want to or aren't allowed to run experimental features on it.