Google Zero Day has raised the issue of threat Chrome browser In a recent blogpost. According to data compiled by the Tech Giant Project Zero team, these attacks have increased since 2019.
Google says that with multilayer Site isolation In Chrome, a single bug “almost never” is not bad enough to do something really bad, and attackers will need to use multiple bugs to either compromise the renderer process or get inside. Chrome Inside the browser process or OS.
Site Isolation is a security feature of Chrome that provides an extra level of protection against attacks by unscrupulous websites. It uses a browser’s sandbox to make suspicious websites more difficult to access or steal information from users’ accounts on other websites.
The site isolation process involves placing the pages of different websites in different processes, each running in a sandbox that limits what the process is allowed to do, making it harder for a malicious website to steal data from another website, Google explained.
Site isolation is, in Google’s own words, applied in the following ways:
“Cross-site documents are always placed in a different process, on the current tab, on a new tab, or on an iframe (e.g., embedding one web page inside another).
Cross-site data (such as HTML, XML, JSON, and PDF files) is not processed on a web page unless the server says it should be allowed (using CORS).
Security checks in the browser process can detect and eliminate a malicious renderer process (for the time being only on desktop platforms).
Google recommends that all users update their Chrome browser because bugs already patched can still be used by hackers to target older Chrome versions.
The tech giant says it is focusing on Android to strengthen site isolation and add more security to strengthen the Chrome browser. Adding extra layers will make a single bug mostly ineffective and it will require multiple, chained bugs to be able to do damage.