Enable Site Isolation in Chrome for Android
Google integrated the Site Isolation, or Strict Site Isolation, security feature in Chrome 63 but did not enable it by default until it released Chrome 67.
The company revealed today that it has enabled Site Isolation in 99% of all Chrome installations for the desktop as of Chrome 67. The remaining 1% of installations without Site Isolation is used as a control group to monitor performance and issues.
Google plans to enable Site Isolation in Chrome for Android but has yet to reveal the version it plans to turn the security feature on by default.
Enterprise users may use policies to enable Site Isolation starting in Chrome 68 for Android, and there is also a manual option to turn the feature on right now.
Site Isolation separates a site's render process from others which improves security and provides mitigation against Spectre-class vulnerabilites like the recently discovered Spectre 1.1 and 1.2.
Enable Site Isolation in Chrome for Android
Android users who run Chrome on the device may enable Site Isolation in the browser.
Note that Site Isolation increases the memory usage of the browser and that Google mentioned that it has to address known issues that still exist. Google did not reveal what those issues are that are specific to Chrome on Android. It is easy enough to turn off Site Isolation should you run into these issues.
So, here is how you enable the security feature in Chrome for Android:
- Open Google Chrome on the Android device.
- If you are not sure about the version of Chrome, check it with taps on Menu > Help & Feedback > Menu > Version Info.
- Load chrome://flags/#enable-site-per-process in the browser's address bar.
- Set the status of the feature to enabled.
- Activate the restart option that is displayed.
Site Isolation is enabled in Chrome for Android after the restart. You can turn the feature off again by setting the flag to disabled and restarting Chrome. It is best to use Chrome as you normally would to make sure all sites and services work as expected.
There is no blacklist functionality available which means that your only option is to disable Site Isolation if you run into critical errors.
Tip: Firefox supports a similar feature called First-Party Isolation.
Closing Words
Site Isolation increases the memory usage of Chrome as it makes use of more processes. Google's own benchmarks saw memory usage increase by about 10%-13% on the desktop with Site Isolation enabled.
Site Isolation in Chrome for Android would be an Absolutely Horrifying thought if my Nexus 5x with 2GB of RAM wasn’t rooted and using my hosts file because the added subframe process count can quickly eat up memory.
Is there any way to verify if site isolation is working or not on Android? I don’t know of any. Reason I ask is that the flag #enable-site-per-process is showing “Disabled” in Chrome stable on my desktop even though the reality is that it is in fact Enabled. On desktop I have to use “#site-isolation-trial-opt-out” to Not have site isolation working. Which is why I wonder what the reality is on Chrome for Android because what the button on a flag says is not always accurate. At least it isn’t in Chrome Stable and Chrome Dev on Windows 7.
I just now opened One Tab on my desktop with site isolation enabled and without content blocking and it used 1.23GB of Ram. One tab. 25 subframe processes. Soooo, what is the impact going to be on Android with a browser that basically has zero content blocking? I’ll be using the opt-out flag in Chrome and Brave on Android, just to be sure it isn’t used.
“https://s22.postimg.cc/ttgu7cz0h/Site_Isolation_with_No_Content_Blocking.png”
I’m not suggesting that site isolation shouldn’t be used, only that they should be aware of the impact to RAM usage if content blocking is not being used. The amount of memory used will vary per website, the more 3rd-party sources used the more subframe processes there can be. PCWorld is kind of a worst case scenario because they use so many 3rd-party sources. The same page used in my example with site isolation Disabled and no content blocking used 551MB of memory vs 1.23GB w/site isolation Enabled. It is possible for memory use to double on some websites when site isolation is enabled if content blocking is not used.
I’ve left site isolation enabled on my desktop and with content blocking enabled I saw higher memory use in the range of 8.5% – 14% with 12 tabs open. That’s not bad but the increased memory use will change depending on the websites. The worst case scenario I could come up with was 14%. Content blocking has a huge impact in the reduction of subframe processes used.
In my case Chrome CPU consumption jumps to approximately 50% every 60 seconds which renders it absolutely unusable during those intervals. Although it’s riskier from a security standpoint I had to resort to disabling site isolation to mitigate the unbearable lag since I need to be able to actually use my computer whenever I have Chrome open.