科技创新!
What Chrome users should do following Spectre vulnerability
The new year kicked off with a bang on Jan. 3 when security researchers revealed two major software vulnerabilities that affect, to some extent, most types of computer processors on the planet. Laptops, desktops, Chromebooks, smartphones, and enterprise machines are all potentially at risk, theoretically allowing attackers exploiting what have been dubbed Meltdown and Spectre to steal your passwords and other sensitive data.
And while the ultimate fix may be a costly hardware one, there are steps you can take today to at least mitigate your risk. If you're a Chrome user in particular, Google has one very specific recommendation for protecting against Spectre.
Now here's the rare dash of good news: It's super easy to implement.
SEE ALSO: Google says it's got your back on major CPU vulnerabilityBuried within Google's lengthy (and informative!) blog post on its response to Spectre (Variant 1 and 2) and Meltdown (Variant 3) is a link to a page listing the "mitigation status" of affected products. Essentially, this page lists out all the Google services that are at risk, and what steps the company has taken to address that risk. In some cases, it includes stuff you have to do yourself.
Notably, this doesn't mean that doing these things will 100 percent protect you, but, taken in the aggregate, they represent a line of defense against some seriously big security holes.
This is where we come back to Chrome, and a little something called Site Isolation. According to The Chromium Projects, and this gets technical pretty quickly, "[Site Isolation] makes it harder for untrusted websites to access or steal information from your accounts on other websites."
That sounds good, especially considering that a Google spokesperson told Mashable via email that "Variant 1 (Spectre) can be used in Javascript to pull secrets from a user's browser, by attacking the process memory of the browser."
"The Site Isolation protection loads each individual remote website in a separate process," continued the spokesperson. "By doing so, if a user runs into an attack from a bad site, the process memory for the site the user is trying to reach is unavailable to be attacked. That way, your login secrets for one site cannot be stolen by another."
This is definitely a welcome additional layer of security. So, how to enable it? In Chrome, go to chrome://flags/#enable-site-per-process and click "enable" on "Strict site isolation." You'll need to restart your browser, but otherwise that's it.
Pretty simple, right?
We also reached out to Google to determine if this will have any adverse affects on your browsing experience — say, reduced speeds — and were pleased to hear that we shouldn't really worry about that.
"The performance loss for Chrome specifically should be negligible," the spokesperson assured us.
So, yeah, download all your patches and enable Site Isolation on Chrome. Your data will thank you.
This story has been updated with additional comment from Google.
Featured Video For You
The most difficult kind of computer systems to hack
友链
外链
互链
Copyright © 2023 Powered by
What Chrome users should do following Spectre vulnerability-铁板歌喉网
sitemap
文章
5
浏览
953
获赞
34
热门推荐
Google's new Chromecast has a remote and an interface called Google TV
Google's Chromecast product line has stood out for years among streaming hardware because, unlike RoBoris Johnson told 'please leave my town' by polite but brutally honest man
People from Yorkshire are pretty well-known for saying it exactly like it is. And UK Prime MinisterYTMND, one of the internet's earliest meme sites, shuts down forever
One of the internet’s earliest meme pioneers is no more. “You’re the Man Now, Dog!Amazon is 3D
Amazon has been conducting research that involves digital 3D "scans" of people's bodies in exchangeStephen King live
Trump's trip to the UK has been fairly eventful so far -- and it's only one day in.Over the past 24Google adds more bite
Google hasn't completely given up on its Wear OS smartwatch platform just yet.Ahead of its I/O develAmazon launches in
Heads up, Amazon Prime members: The in-garage delivery service Amazon first tipped in January is nowThe best phone to take Northern Lights pictures isn't an iPhone
It was dark and my feet were freezing, despite my winter boots and Alaska-themed wool socks. Up on aRobert Mueller's 'I take your question' response is turning into a beautiful meme
Former special counsel Robert Mueller is finally testifying before Congress, and boy are some represMark Zuckerberg could become Facebook's 'designated compliance officer'
Facebook may be facing more than justa $3 to $5 billion finefrom the Federal Trade Commission.AccordWhy is everyone identifying as a sapiosexual on dating apps?
The fog of love that is dating in 2019 has led to a near-constant barrage of new terms that help usSometimes texting your 'number neighbor' goes horrifically wrong
Inspired by a Twitter trend, everyone's texting their number neighbor. Unfortunately, not everyone'sSamsung Galaxy Z Flip 5G is available for preorder
Just a few days before Samsung's Galaxy Unpackedevent on Aug. 5, the company has listed its Galaxy ZThe Boring Company wins contract to build Las Vegas tunnel
Elon Musk's Boring Company has been selected to build an underground "people mover" tunnel for the L3 worrying takeaways from the Meghan and Harry documentary
Pressure from the media is having a profound impact on Prince Harry and Meghan Markle's lives, an IT