
You just need to run it in a process without any secret data from other origins or the browser/system.

That seems feasible without significant performance loss in most cases.

There is still a fingerprinting issue though that might not be possible to fully remove without huge performance cost.



Process isolation does not prevent Spectre. In theory, you can carry out Spectre over the network.


That's what Site Isolation is, but it has significant drawbacks: it cannot always protect against cross-origin cookie leakage, and pages can have a lot more cross-domain iframes than a reasonable process limit can account for.



