Thanks to Spectre, Google Chrome Will Now Start Using 10% More RAM

Soon Google Chrome is going to use even more of your RAM, assuming that it’s even possible to use more than it already does. This is because of Chrome 67’s new Site Isolation feature to protect against Spectre.

Spectre, for those who have forgotten, is a fundamental design flaw in every CPU on the market: attacks abuse an issue in speculative execution to effectively read memory that the process should not have access to. The worst case scenario is that JavaScript code running in your web browser from a malicious or hacked site could read memory from elsewhere on your PC and steal your passwords, or find out that you’ve been browsing something embarrassing, like Linux fan sites.

To fix this problem, Chrome 67 enables by default a new security feature called Site Isolation, which limits each rendering process to a single site. That means you will have a chrome.exe process for howtogeek.com and another chrome.exe process for google.com, and so on. By separating out the rendering processes by site, Chrome can prevent directly reading memory across processes, and utilize the built-in operating system protections against Spectre (which still isn’t very clear).

This also means that all iframes on a page (generally for ads) are put into a separate process from the parent frame, further increasing memory usage, but increasing security at the same time. They deployed a similar technology a year ago to move extensions to out-of-process iframes to prevent malicious web pages from being able to use extensions to gain extra privileges.
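A simplified model of the process split described above, as an added example that is not from the original article or from Chrome's own code. It assumes a site is the scheme plus registrable domain and uses a constructed two-entry suffix list in place of the Public Suffix List; the names `siteOf` and `assignProcesses` and the sample URLs are hypothetical.

```javascript
// Simplified model of Site Isolation process assignment (added example).
// Assumption: a "site" is scheme + registrable domain (eTLD+1). Real browsers
// consult the full Public Suffix List; this constructed subset is for the demo.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  const lastTwo = labels.slice(-2).join(".");
  // Keep three labels when the last two form a public suffix such as co.uk.
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return `${protocol}//${labels.slice(-keep).join(".")}`;
}

// tabs: [{ top: url, frames: [url, ...] }]
// Returns renderer processes as { tab, site, role } records.
function assignProcesses(tabs, siteIsolation) {
  const processes = [];
  tabs.forEach((tab, index) => {
    const topSite = siteOf(tab.top);
    processes.push({ tab: index, site: topSite, role: "Tab" });
    if (!siteIsolation) return; // model: iframes share the parent's process
    const seen = new Set([topSite]);
    for (const frame of tab.frames) {
      const site = siteOf(frame);
      if (seen.has(site)) continue; // same-site frames reuse a process
      seen.add(site);
      processes.push({ tab: index, site, role: "Subframe" });
    }
  });
  return processes;
}

// Constructed sample session: two tabs, one of them carrying ad iframes.
const SAMPLE_TABS = [
  { top: "https://www.howtogeek.com/fyi/article/",
    frames: ["https://ad.doubleclick.net/slot1",
             "https://s0.2mdn.net/creative.html",
             "https://www.howtogeek.com/comments/"] },
  { top: "https://www.google.com/search?q=spectre",
    frames: ["https://accounts.google.com/widget"] },
];

const before = assignProcesses(SAMPLE_TABS, false);
const after = assignProcesses(SAMPLE_TABS, true);
console.log(`renderer processes without isolation: ${before.length}`);
console.log(`renderer processes with isolation:    ${after.length}`);
for (const p of after) console.log(`${p.role}: ${p.site} (tab ${p.tab})`);
```

In this model the same two tabs go from two renderer processes to four, and the extra ones are the cross-site ad frames, which is where the added memory comes from.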

The bottom line: for people who open a ton of tabs, this is going to dramatically increase memory usage. You might need to consider using a tab manager extension.

How to Check Whether Site Isolation is Enabled in Chrome

Assuming you have a ton of tabs open already, you can open up Google Chrome’s Task Manager (Under Menu -> More Tools) and look for processes that say “Subframe:” and show a URL that is clearly not something you’re browsing directly—for instance doubleclick.net or 2mdn.net, which are iframes for ads.

As long as you see the subframe processes, Site Isolation is enabled on your system.

How to Enable or Disable Site Isolation in Chrome (But You Shouldn’t Disable It)

To check whether this is enabled, or to disable it should you choose (which we don’t recommend), you can head to chrome://flags#enable-site-per-process in your location bar, and then set the toggle for Strict Site Isolation to either Enabled or Disabled. You could also add a command line flag to start Chrome with --site-per-process, but that’s a lot of work.

You’d think the first option would control it, but even if site isolation is set to Disabled, the option below for “Site isolation trial opt-out” actually controls whether you’ve been opted into it. As of right now, Google has enabled Site isolation for almost everybody, so you’ll need to set the “trial opt-out” setting to “Opt-out” in order to turn this off. Which, again, you should not mess with.

It’s worth noting that even if you disable it, at some point Google will probably make this the default behavior and remove the ability to disable it, because site isolation is a lot more secure.

Mitigating Spectre with Site Isolation in Chrome [via Thurrott]

Translated from: https://www.howtogeek.com/fyi/google-chrome-will-start-using-10-more-ram-now-thanks-to-spectre/
