Site Isolation: Confining Untrustworthy Code in the Web Browser

Presented at Black Hat Europe 2019, Dec. 5, 2019, 2:15 p.m. (50 minutes).

In the late 2000s, web browsers moved from single-process to multi-process architectures, introducing a sandbox boundary between untrustworthy code from the web and local resources. While effective at the time, the security landscape has changed and a stronger architecture is now needed.

In this talk, we will cover our deployment of the Site Isolation architecture to Chrome users. This pushes the browser security model forward, mitigating entire classes of attacks: from same-process Spectre exploits to UXSS to arbitrary code execution in the renderer sandbox. We will discuss how the browser's architecture has changed, what security properties it offers, what limitations still exist, and how we preserved compatibility and performance to scale it to all Chrome desktop users. Finally, we will give examples of new types of Site Isolation bypass bugs that fall into Chrome's Vulnerability Rewards Program, for those motivated to help us make this defense stronger.
Presenters:

  • Nasko Oskov - Software Engineer, Google
    Nasko Oskov is an engineer on the Chrome security team. He currently works on Site Isolation, the process model, navigation, and overall secure-by-default design. He is always happy to chat about security, complex systems, proper engineering practices, and anything that can make our tech world better.
  • Charlie Reis - Software Engineer, Google
    Charlie Reis is the Tech Lead for the Site Isolation team within Chrome Security. He has worked on Chrome's process model and navigation logic since 2008, and he got his PhD on web browser architecture at UW CSE in 2009.