- Mar 29, 2018
Continue reading hereSite Isolation is a modern browser security feature that works by separating each web page and web iframes in their own operating system process in order to prevent sites from tampering or stealing with each other's data. The feature was first deployed with Google Chrome in mid-2018, with the release of Chrome 67. Although initially, Site Isolation was meant to be deployed as a general improvement to Chrome's security posture, the feature came just in time to serve as a protective measure against the Spectre vulnerability impacting modern CPUs. Seeing the feature's success, Mozilla also announced plans to support it with the Firefox browser in February 2019, as part of an internal project codenamed Fission.
For both Google and Mozilla, implementing Site Isolation was a time-consuming operation, requiring engineers to re-write large chunks of their browsers' internal architecture. The process took about two years for both Google and Mozilla. While Site Isolation is now a stable feature inside Chrome, this work is now nearing its completion inside Firefox. According to an update to the Project Fission wiki page, Site Isolation can now be enabled inside versions of Firefox Nightly, the Firefox version where new features are tested.
To enable it, Firefox users must:
- Access the about:config page
- Set the "fission.autostart" and "gfx.webrender.all" prefs to "true".
- DO NOT edit any other "fission.*" or "gfx.webrender.*" prefs.
- Restart Firefox Nightly.