Site Isolation is a modern browser security feature that works by separating each web page and web iframes in their own operating system process in order to prevent sites from tampering or stealing with each other's data. The feature was
first deployed with Google Chrome in mid-2018, with the release of Chrome 67. Although initially, Site Isolation was meant to be deployed as a general improvement to Chrome's security posture, the feature came just in time to serve as a protective measure against
the Spectre vulnerability impacting modern CPUs. Seeing the feature's success, Mozilla also announced plans to support it with the Firefox browser
in February 2019, as part of an internal project codenamed
Fission.
For both Google and Mozilla, implementing Site Isolation was a time-consuming operation, requiring engineers to re-write large chunks of their browsers' internal architecture. The process took about two years for both Google and Mozilla. While Site Isolation is now a stable feature inside Chrome, this work is now nearing its completion inside Firefox. According to an update to the Project Fission wiki page, Site Isolation can now be enabled inside versions of Firefox Nightly, the Firefox version where new features are tested.
To enable it, Firefox users must:
- Access the about:config page
- Set the "fission.autostart" and "gfx.webrender.all" prefs to "true".
- DO NOT edit any other "fission.*" or "gfx.webrender.*" prefs.
- Restart Firefox Nightly.
