Chrome 67: wider Site Isolation roll out
Google started the rollout of Google Chrome 67, a new version of the company's web browser, today. The new version of Chrome is a security release first and foremost.
Google Chrome users on the desktop can run manual checks for updates to get the browser update right away; considering that Chrome 67 fixes 34 security issues, several of them rated as high, the second highest rating after critical, it is important that users update the browser to the new version as soon as possible.
Just load chrome://settings/help in the Chrome address bar to run a manual check for updates. Please note that this works only on desktop versions of Chrome and not mobile versions. Unless you download and install Chrome 67 from mirror sites that are not official, you have to wait for Google to distribute the browser to your device.
Google continues the rollout of Site Isolation in Chrome. The feature landed in Chrome 63, but it was turned off initially as Google wanted to test the functionality on a small subset of users before it widened the audience.
Update: Site Isolation has been turned on for 99% of all Chrome 67 installations according to Google.
Site Isolation, or Strict Site Isolation, limits render processes to individual sites. Instead of handling multiple sites in a single render process, Chrome moves any additional site loaded on a website into its own process. Sites can be loaded using iframes and other means.
Site Isolation improves stability and security but it comes at the cost of increased memory usage. Google stated that initial tests showed that memory usage might increase by up to 20%.
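How frames map to processes under the model described above, as an added example that is not from the original article or from Chromium's code. It assumes a "site" is the scheme plus registrable domain, as Chromium's Site Isolation documentation defines it; the suffix set is a stand-in for the Public Suffix List and all hostnames are constructed.

```javascript
// Added example: which renderer processes a page needs when every site gets
// its own process. All hostnames below are constructed sample data.

// Assumption: tiny stand-in for the Public Suffix List, enough for the sample.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Site = scheme + registrable domain; subdomains, ports and paths are ignored.
function siteOf(url) {
  const u = new URL(url);
  const host = u.hostname;
  // IP literals have no registrable domain, so the whole host is the site.
  if (/^\[.*\]$|^\d+(\.\d+){3}$/.test(host)) return `${u.protocol}//${host}`;
  const labels = host.split(".");
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return `${u.protocol}//${labels.slice(-keep).join(".")}`;
}

// Map of site -> number of frames; one renderer process per key.
function processesFor(frameUrls) {
  const bySite = new Map();
  for (const url of frameUrls) {
    const site = siteOf(url);
    bySite.set(site, (bySite.get(site) || 0) + 1);
  }
  return bySite;
}

// Constructed frame tree: a top-level article, 100 third-party iframes spread
// over two sites, one same-site widget and one frame on a multi-label suffix.
function sampleFrames() {
  const frames = ["https://news.site-a.test/article"];
  for (let i = 0; i < 60; i++) frames.push(`https://t${i}.tracker-b.test/px`);
  for (let i = 0; i < 40; i++) frames.push(`https://cdn${i}.ads-c.test/frame`);
  frames.push("https://comments.site-a.test/widget");
  frames.push("https://shop.widgets.co.uk/embed");
  return frames;
}

const plan = processesFor(sampleFrames());
console.log(`${sampleFrames().length} frames -> ${plan.size} renderer processes`);
for (const [site, n] of plan) console.log(`${site}: ${n} frame(s)`);
```

The count grows with the number of distinct sites embedded in a page, not with the number of iframes, which is why blocking third-party frames lowers it.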
Google enabled the feature for part of the Chrome userbase but it included an experimental flag in the browser which provided anyone with the option to enable it in Chrome (check out the linked article above for instructions).
Chrome users who have been selected for the Site Isolation trial may disable it in the following ways:
- Set chrome://flags#enable-site-per-process to disabled if you enabled the feature using the flag.
- Set chrome://flags#site-isolation-trial-opt-out to "Opt-out (not recommended)" if you have been selected for the trial.
Google notes that users may run into issues when they try to load certain sites in Chrome. Another reason for wanting to disable Site Isolation is the increase in memory usage. If you notice Chrome's memory usage going way up, you may want to check if the feature has been enabled for the installation.
Chrome 67 features plenty of under-the-hood changes. You can find some of them mentioned on the official Chromium Blog (focusing on Developer additions); notable additions are the inclusion of a Generic Sensor API to work with sensors such as accelerometers, gyroscopes, or motion sensors, the new WebXR Device API for AR and VR experiences, and support for the Web Authentication API.
What if a website loads up 100 of iframes of tracking’n’stuff? Will it load 100 content processes? RIP my memory. I think I may just switch to good old Firefox’n’noscript when I’m not using the Tor Browser.
(Soon) How to scam Chrome users: make a tech support scam webpage that loads 3k iframes and tell them their system needs a mem cleanup. 3k$ a day guaranteed.
Chrome security team: But muuh we need to mitigate against Meltdown/Spectre in the software instead of telling Intel/AMD to fix their backdoored ME/PSP performance-first security-last spying silicon pieces!!
I have been switching between Chrome and Firefox for a long time. Usually just switching things up to check the newest releases, and the use for me has been about 50/50 until recently. The last couple of Chrome releases have really changed things for me for the worse. I find myself using Firefox more, and I am quite happy with it. I don’t know what Google is trying to do with Chrome, but for me the browsers have flipped. Chrome was the overall choice if I had to choose, but now it’s Firefox.
As you can see according to this article Google is being very clear on what it’s trying to do with Chrome (adding strict site isolation for example). If anything, the last couple of Firefox releases are what have changed things for the worse.
Browser marketshare for FF has been plummeting thanks to Mozilla’s decisions to transition to a far less powerful WebExtension system, adding tracking scripts to its add-on page, etc.
“Google stated that initial tests showed that memory usage might increase by up to 20%.”
From what I’m seeing that is some seriously wishful thinking. I need to test it more but… On Android Central I saw up to 18 subframes, if you then open Business Insider and Forbes, all three at the same time, you will have then won the content process jackpot.
Screenshot – 3 tabs using 2.7GB of memory without even scrolling the pages, no content blocking enabled:
With Chrome Stable I opened one tab to an article on PCWorld. Not using any content blocking I saw 13 subframes using about 750MB of memory. The total browser memory use was about 1.34GB, for one tab. Total memory use did not include uBO and Privacy Possum because they were disabled on the site.
Screenshot – one tab no content blocking:
I’m thinking that the higher memory use will push people into using some type of content blocking, disabling site isolation with a flag, or moving to a different browser. Is having 4GB of system memory going to be enough to run Chrome with more than three tabs open? On PCWorld with content blocking Enabled, the subframe count went from 13 to 2, with my uBO setup that is globally blocking 3rd-party frames, the subframe count went down to 1. Most importantly, content blocking will significantly reduce the memory use when site isolation is enabled.
What I’ve been doing with Chrome Dev and Stable is to have site isolation disabled with the “opt-out” flag and the desktop shortcuts are using the site-per-process command line switch. So, if I open either one with the ‘taskbar shortcut’ the result will be no site isolation, opening the ‘desktop shortcut’ results in site isolation working. I have plenty of memory so I might change that setup in the future to use site isolation all the time, but right now I don’t care one way or the other, Chrome is not my primary.
I just checked Chrome Stable with Site Isolation enabled, and it used a lot of RAM (about 3.1 Gigabytes of it). The machine has 32 Gigabytes of RAM so no issue yet on that end but if you run Chrome on a machine with 4 Gigabytes or even less, I’d imagine that things may not run as smooth anymore with the feature enabled.
You’re spot on. About the same amount for me. And I just upgraded my RAM from 4 to 8 recently, and now Chrome cancels it right out. Great!
I don’t like opening pages without content blocking enabled but decided to risk one more test for the team. At least I’m using a small malware hosts file. ;)
Anyway, with content blocking disabled, I opened 12 tabs, one being the Startpage search engine, so that tab was a freebie. Did not scroll any pages and stayed on page only until it was done loading. I saw “61” chrome processes in the Windows Task Manager and it was using 5.5GB of RAM. If I tried, I don’t think it would be that hard to use 8GB but then I would be sweating bullets worrying about ruining my 10 year record of being malware free. Nuf said. LoL
The content blocking is probably preventing some processes that would otherwise be created so that overall RAM use is not as high.
“Chrome users who have been selected for the Site Isolation trial may disable it in two ways:”
Just noticed that is Not what I’m seeing. I have for some time now, had the flag “Site isolation trial opt-out” set to “Opt-out (not recommended)”. Since my Chrome install was chosen for the trial, the only way I can disable site isolation is with the “Opt-out” flag, the flag for “Strict site isolation” is already set to “Disabled” which for me is the default setting for that flag. Screenshot shows my default flag settings and site isolation is working. Looks to me like the only way to really tell is to open e.g. Forbes or IMDb then look to see in the chrome task manager if there is a subframe process, if there is then site isolation is enabled. The following link has a “Verifying” section also for anyone interested: “https://www.chromium.org/Home/chromium-security/site-isolation”
I wanted to be able to visualize the memory use with content blocking enabled or not, and with site isolation enabled or not.
Memory use with 12 Tabs, most of which can have subframe processes when using site isolation:
No Content Blocking + Site Isolation = 4.97GB
No Content Blocking — No Site Isolation = 3.65GB
Content Blocking + Site Isolation = 1.63GB
Content Blocking — No Site Isolation = 1.38GB
Richard, thanks for the info. I have updated the article to reflect your experience.
Under latest Windows 10 1803 x64 Home, Chrome 68.0.3440.59 beta (64 bit): Developer Tools Experiments 68.0.3440.89 and Strict Site Isolation are enabled with no specific action by me. System Explorer shows memory usage currently at 41% with 6 tabs open. I have no concern with that on my 3 year old 8 gig laptop. I used “chrome://flags/#enable-site-per-process” to see this status. FYI
Just to be clear, Chrome by itself was using 5.5GB of RAM, total used by system was 7.7GB. This desktop has 16GB.
Firefox Nightly+WebRender For the Win!
I’ll say it but Chrome is turning into trash can showdown with all the memory usage, it’s now IMPOSSIBLE to use it with a 3GB notebook that I have.
I am sure PC and RAM manufacturers are loving what Google is doing. This makes you wonder …
And don’t forget the Spectre/Meltdown security scare. Systems with Haswell (4th-gen) or older CPU’s are slowed down by both the Windows and microcode/BIOS patches.
Put two and two together…and it seems like an agreement between Microsoft, Google, and Intel to *slow down* older Win 7 systems with limited memory.
And *encourage, force, drag* people into buying NEW systems with Win 10.
Criminal conspiracy? Normal evil corporate behavior?
Whatever it is, those three companies are benefiting financially from these so-called “patches” and “upgrades.”
Quite odd as I have Chrome installed on my Linux PC and it hardly ever uses more than 500MB of RAM and this is with site isolation enabled.
It depends a lot, probably, on what you do on the Internet.
On Ubuntu, Chrome seems to use less memory than Firefox.
Been my experience that it eats up a lot of RAM doing this site isolation. If you’re a person who likes lots and lots of tabs opened, site isolation is not for you. I have 8 Gb RAM and with only 6 tabs open I was at 70% of my RAM consumption. Much of that was Chrome not Windows. Also Chrome 67 seems to create a lot of CPU cycles at times too. I noticed my fan which hardly ever is noticeable running at times. Cannot pin it down, but something with JavaScript or Ajax. Edge right now is much more plausible as a lower resource browser than Chrome.
Does anyone know if the builds from https://chromium.woolyss.com/ are safe?
Why wouldn’t these builds be safe? That website has a long-standing good reputation as a provider of clean Chromium builds.
I have the new 67 version of chrome and I am using 64 bit Windows 7 with 6 GB ram.
With 4 tabs open and site isolation I am only using 1.6 GB ram with CPU 4%.
I would think users with PC with 4Gb RAM or less and possibly Chromebook users might see more issues. I tested this out on an older system months ago and was very surprised at how much RAM it consumed at times. If you’re one who opens a lot of tabs I think that site isolation won’t be kind to you. But is all this really needed by default anyway? I have yet to read about any serious exploit attacking any of these flaws. I’ve already relegated Chrome to a backup browser so this won’t affect me much. I was already fed up with the RAM use before this and while you can turn it off, I still see Chrome as a RAM consuming browser that isn’t what it once was.
Was upgraded to Chrome 68, still disabled by default for me. Not sure why? have 8 Gb ram Kaby Lake core i5 and SSD. Wonder what the criteria is when installing to enable it? Or maybe Google has quietly backed off enabling it except for PC’s with more RAM? All of my PC’s have at least 8GB RAM and none have had site isolation turned on by default. Guess all of them are part of that 1% that doesn’t get it?