Chrome is Using 10-13% More RAM to Fight Spectre

An anonymous reader quotes PCWorld: The critical Meltdown and Spectre bugs baked deep into modern computer processors will have ramifications on the entire industry for years to come, and Chrome just became collateral damage. Google 67 enabled "Site Isolation" Spectre protection for most users, and the browser now uses 10 to 13 percent more RAM due to how the fix behaves.

"Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs," Googleâ(TM)s Charlie Reis says. "On the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure." It's a significant performance hit, especially for a browser battling a reputation for being a memory hog, but a worthwhile one nonetheless.
Chrome's Spectre-blocking site isolation "is now enabled by default for 99 percent of Chrome users on all platforms."

When will the next gen CPU

[AHuxley]

design fix all this?
No more slow CPU, no more extra RAM used, no more OS software to protect from CPU security flaws. Back to fast and secure CPU design work.

Anyone have a design time line for when this will all be fixed in the CPU again?

Re:

[Humbubba]

You make it sound like it's not a feature. Spectre was brought to you by the NSA, there will be something else there to take its place once new hardware is ready.

Do you really think the CPU is intentionally designed to be exploitable, or, to borrow from Elon Musk, do those those huge idiots not know what they're doing? I really don't know Spectre an abuse of a mistake or making use of a feature. I'm not sure which scenario is worse.

Re: When will the next gen CPU

[UnknowingFool]

My opinion it was more that most people were ignoring the dangers of using it. When Spectre and Meltdown were first disclosed, some people had warned about the security dangers and were largely ignored. It reminds me of the DNS cache poisoning that Dan Kaminsky found. Daniel J. Bernstein warned about that issue about 6 years earlier but not many in the community heeded his warning until Kaminsky was able to create an easy exploit.

Re:

[hcs_$reboot]

Too bad AMD is also affected (Spectre), otherwise Intel would have had more incentives to make new CPU earlier.

Re:When will the next gen CPU

[hcs_$reboot]

Well, there is still competition as who will have their fixed CPUs first..

Re:

[Agripa]

Well, there is still competition as who will have their fixed CPUs first..

If Spectre can be fixed which is not a given. Somehow they have to prevent speculative execution within the same process from altering CPU state.

Without a time machine, how do you prevent speculative loads in untaken branches without preventing speculative loads in taken branches?

Re:

[Anonymous Coward]

Though intels problems require a quadruple bypass, while amd's require a band-aid on the finger.

Re: When will the next gen CPU

[Anonymous Coward]

They were going to do this whether or not spectre and meltdown happened. This might have given them a kick in the as to hurry things up, but this ram was always going to be spent and you're not getting it back even if spectre & meltdown disappear.

Re: When will the next gen CPU

[UnknowingFool]

Yes but even if we accept your premise is true, users could opt out of this feature as a choice. With Spectre, users don't have much of a choice: Use less RAM and risk being hacked or use more RAM.

Re:When will the next gen CPU

[Anonymous Coward]

I don't expect CPU fixes to come until 3-5 years have passed. This requires a major redesign, it's not just a little fix.

Re:

[AmiMoJo]

Just buy an AMD CPU. The massive performance killing fixes are not required for them.

Unfortunately it doesn't look like Chrome detects Intel CPUs before enabling this.

Re:

[Megol]

Yes they are required.

Spectre is a collection of related exploits some of which are very hard to use on AMD architectures but not impossible in theory. Meltdown isn't however a problem for AMD but this Chrome design isn't intended to combat Meltdown.

Re:

[thegarbz]

Unfortunately it doesn't look like Chrome detects Intel CPUs before enabling this.

And why would it? This kind of fix resolves Speculative execution bugs, but it doesn't exclusively target them. This form of isolation is just good security practice in general, especially given the most likely attack vector is not the primary domain you're connected to.

Re:When will the next gen CPU

[arglebargle_xiv]

No more slow CPU, no more extra RAM used, no more OS software to protect from CPU security flaws.

Pick any two. Which do you want?

Re: When will the next gen CPU

[ranton]

Out of those three I would clearly sacrifice RAM. That is the easiest and cheapest part to go overboard on to ensure it is never a problem. Just get 32GB and this 10-13% extra usage is probably not an issue.

Clearly I would love all three, but my ideal second choice would be to sacrifice RAM for better CPU performance.

Re:

[thegarbz]

No more slow CPU, no more extra RAM

And ponies! We want ponies too.

Remember the reason we're in this mess is because people didn't want slow CPUs in the first place.

Re:

[Agripa]

design fix all this?

No more slow CPU, no more extra RAM used, no more OS software to protect from CPU security flaws. Back to fast and secure CPU design work.

Anyone have a design time line for when this will all be fixed in the CPU again?

So programs will maintain two different codebases for processors which are vulnerable and processors which are not? That will not happen for a long time even assuming that Specter is solvable. At best the impact on processors immune to Meltdown will be minimized.

Re:

[AHuxley]

When the RAM is set in a factory and the device used is sold with a set amount?
The OS, other consumer applications and browser then all start using more RAM to keep the consumer safe.
How many times does 10% start to add up to a lot of RAM that was not used before?

Re:

[hcs_$reboot]

Except if Chrome takes already 90%

Re:

[devslash0]

Just close all the excess tabs. There's no reason to keep 50 of them open at the same time.

Re:

[Tyger-ZA]

Buy a device that is expandable. That means a regular sized DESKTOP. If you buy a super thin device, that's YOUR fault for being trendy.

FTFY. Laptops are compromise devices.

Re:

[Tyger-ZA]

My laptop is expandable. I've got 64GB of RAM in it and I'm thinking about upgrading my GTX 1060 MXM to a GTX 1070 or 1080.

That's great, but I didn't say laptops can't be upgraded. I said that they're compromise devices

This means that for whatever feature you gain, something other metric is worse off

Want a 17" screen? Comes with a larger and heavier laptop

Want a high end gaming machine? Worse battery life

Want a higher capacity battery? The upgraded battery adds more weight

Want something smaller and lighter? Cramped keyboard, typically paired with weaker hardware overall

Want to upgrade anything? Pay more than you would for deskt

Re:

[dohzer]

Well spending the big bucks on an Apple would definitely reduce your chances of being able to afford to upgrade.

Re:

[Ol Olsoc]

Well spending the big bucks on an Apple would definitely reduce your chances of being able to afford to upgrade.

Pssst, Hey mister - that's a nice non-sequitur ya got there!

Re:10-13% more RAM?

[Anubis IV]

Who cares if you're running 32+ GB of RAM. Sucks if you're stuck on that modern new Macbook that caps out at 16 GB...

A) That’s like responding to a car analogy with “who cares if you own a private jet”? Suggesting that people should have 32GB of RAM to run a browser is preposterous.

B) The new MacBook Pros are configurable up to 32GB of RAM...

Re:

[Ol Olsoc]

Who cares if you're running 32+ GB of RAM. Sucks if you're stuck on that modern new Macbook that caps out at 16 GB...

A) That’s like responding to a car analogy with “who cares if you own a private jet”? Suggesting that people should have 32GB of RAM to run a browser is preposterous.

B) The new MacBook Pros are configurable up to 32GB of RAM...

Hold on, hold on - let the guy make some non-sequitur's about systemd and Russian hacking maybe before you squanch him. Its the only way he can participate.

Re:

[Highdude702]

Systemd made the russian trolls hack the election!! Why are you so blind to reality?!?!!!11!onetwotilde

Re:

[Ol Olsoc]

Systemd made the russian trolls hack the election!! Why are you so blind to reality?!?!!!11!onetwotilde

Using Macs.

Re:

[thegarbz]

Suggesting that people should have 32GB of RAM to run a browser is preposterous

Indeed. But don't let the hyperbole get in the way of a solid argument. If you're the person likely affected by this 10% then you're a person not really concerned with your computer speed in the first place or you wouldn't be running a $300 POS with 2GB of RAM.

In this case POS can mean Piece of Shit or Point of Sale terminal but I actually think the latter may have more RAM than that in it these days.

Now you're just like the other nutsies

[tepples]

Now that you've wished the atrocities of the Holocaust on another person, I can NOT SEE myself promoting your Hosts File Engine anymore.

DEY

Re:

[drinkypoo]

Now that you've wished the atrocities of the Holocaust on another person, I can NOT SEE myself promoting your Hosts File Engine anymore.

It was insane to ever support APK on any level since you cannot tell his troll posts from APK-mocking troll posts. That is troubling on multiple levels.

Re:

[Highdude702]

I don't much like APK, But in certain cases im sure his host file shit works for the plebs that don't know how to protect them self. That being said, its easy to tell when the "fake" APK is posting. He has almost an Alex Jones personality about things, and even if he is off the deep end, I have never seen hatred in his posts. and doesn't seem antisemitic by any means. I think you have been duped by one of the many slashdork trolls.

Re:

[tepples]

Attempting to swing it back on topic: One might blocklist hostnames that serve unwanted scripts as a means of recovering the 10-13 percent of RAM that Chrome's Site Isolation is using.

At the same time doing in Cygwin bash what his app is purporting to be doing hardly takes more than 5 minutes.

Would there be merit in building the blocklist builder tool that I sketched in this article [pineight.com]?

And on top of that, if you are doing [DNS blocklisting] per machine, you are doing it wrong.

The operator of a LAN could apply changes to devices on the LAN by configuring its DHCP server to point DNS at a local Pi-hole instance. But when you're out in public using your laptop on public Wi-Fi, you need a local blocklist if you'

Re:

[hcs_$reboot]

Seriously 10-13% to have a reliable fix while still having a fast Javascript, I'm ok with that.

Re:

[Rockoon]

Why do you want a fast infection and spying vector?

Re:

[tepples]

Because the alternative is native applications, which are specific to one operating system. If you have a Mac, you see an application that looks interesting to you, only to have to turn away because it's Windows-only. Or if you have anything but a Mac, you see an application that looks interesting to you, only to have to turn away because it's Mac-only. Do you want to have to return to that environment, where you have to buy multiple computers and operating system licenses just to run all the applications i

Re:

[MightyMartian]

If you want to turn your browser into a glorified version of Mosaic, be my guest. Some of us actually want to view the web of 2018, not the web of 1995.

Re:

[hcs_$reboot]

16 GB is quite a lot, and while Chrome is greedy it doesn't take that much (less than 500MB with quite a few tabs opened). The 10-13% applies to Chrome memory, not the system memory..

Re:

[Joce640k]

Which Universe do you live in? If I start Chrome with no tabs open I get 7 processes.

One of those processes is using 1.5Gb and has 38 threads.

That's without opening any web pages, just an empty tab. No, I don't have any extensions installed. None.

Re:

[Ol Olsoc]

Which Universe do you live in? If I start Chrome with no tabs open I get 7 processes.

One of those processes is using 1.5Gb and has 38 threads.

That's without opening any web pages, just an empty tab. No, I don't have any extensions installed. None.

Your answer is in your last two sentences.

Re:

[hcs_$reboot]

How much has your system? Chrome reserves some space if it's not used. Try to load a load of crap aside of Chrome, and you'll see (or do a quick malloc(big))

Re:10-13% more RAM?

[antdude]

Or using old computers like mine with 2 GB & 6 GB of RAM. :(

Re:

[Carrot007]

Have you not updated in like 15 years?

I have not updated in "forever" and I have 16GB.

I think "forever" is probably around 5 years now.

Re:

[antdude]

My old PCs are about a decade old now. :)

Re:

[antdude]

I miss the old days web sites were simple and fast that were designed for dial-up modems. ;)

How vary misleading.

[Anonymous Coward]

This is only a problem for intel cpus.

Re:

[Anonymous Coward]

This is only a problem for intel cpus.

Oh, really?

In particular, we have verified Spectre on Intel, AMD, and ARM processors.
https://meltdownattack.com/ [meltdownattack.com]

Stupid over-reaction

[GerryGilmore]

Supposedly, the biggest vulnerabilities are from cloud providers due to their extensive use of virtualization in their environs.
However, I've never seen a real server that surfs the web using any browser. Stupidity is rampant, paranoia rules and perspective has completely left the building when it comes to Spectre/Meltdown.
The most difficult "vulnerability" to leverage known to mankind has everyone scurrying like mad while basic security - allowing the Equifax breach, say - gets a passing nod. Well done, guys!

Re:

[darkain]

"I've never seen a real server that surfs the web using any browser"

There are countless web based resources that include web page screen shots. These screen shots are not made on client machines by hand, they're made using automated tasks with web browsers running on the servers.

Re:Stupid over-reaction

[mccalli]

Corporate VDI. A lot of the larger corporates are moving away from physical desktops towards having virtual desktops and thin clients.

Re:

[tepples]

A lot of the larger corporates are moving away from physical desktops towards having virtual desktops and thin clients.

How much are these corporates spending on Terminal Server client access licenses (CALs) to allow virtual Windows desktops to work? Or are they instead using virtual FreeBSD or GNU/Linux desktops?

Re:

[thegarbz]

Corporate VDI. A lot of the larger corporates are moving away from physical desktops towards having virtual desktops and thin clients.

A typical employee has far more access to systems and people to care about sophisticated spectre related vulnerabilities. If you have a nefarious employee you're effectively screwed. Corporate IT security is not equipped to handle this.

Re:

[Anonymous Coward]

just because it's only theoretical and difficult doesn't mean chrome shouldn't patch it... if someone successfully made an exploit you just need to put some JS in an advert and you basically own the entire world.

Re:

[Antique Geekmeister]

You would need to define "server". Downloading patches and running reporting toolkits to find precisely what hardware or software revisions is something I've seen available only via some browsers. I've also seen companies require the local scan to report to the vendor on the web page to select the correct patches for local application. It's as confusing and annoying as Sun's, now Oracle's, practice of forcing you through a web form to sign the latest license agreement for the latest Java toolkit.

Re:

[Rain]

Browsers are a concern for the same reason a cloud providers: you are running untrusted code in a sandboxed VM, and Spectre allows you to potentially exfiltrate data from outside the sandbox. Cloud providers are a bigger concern because they're more likely to contain interesting data* and because it's harder to exploit Spectre via Javascript than native code, but there are Spectre proof-of-concepts written in JS.

* interesting to an attacker, relative to the effort required

And yet...

[Anonymous Coward]

[insert your fave js blocker here] will reduce the footprint by MUCH more than that.

Re:

[AHuxley]

Ad brands who give away free OS my not like brokers not showing their OS approved ads.

Re:

[m.dillon]

Yes, an ad-blocker definitely reduces memory usage, by a lot. However, its a bad idea to use any add-on for 'important' sites. I compartmentalize my browser into different user ids so the actual chrome instance I use to access sensitive accounts is completely independent of the instance I use for general browsing. The ad-blocker is disabled for the one I use to access sensitive accounts (in fact, ALL add-ons are disabled for that one), and enabled for the one I use for general browsing.

-Matt

Re:

[hcs_$reboot]

Google developers are among the best in the world. A browser is a very complex program, and some algorithms might gain time-complexity by allowing more space-complexity. This is probably what happens here, Chrome is still performant, but in order to keep the same speed it had to sacrifice some 10-13% memory more.

Re:

[drinkypoo]

Google developers are among the best in the world.

[citation needed]

I remember when Google used to be good at stuff. Lately, though, their developers seem to spend most of their time ruining interfaces for products people have been using for years...

Re:

[hcs_$reboot]

The browser team has to be good (too complex to let web devs in charge).

Chrome memory usage

[Anonymous Coward]

Well, fortunately Chrome didn't use that much memory to begin with.

Oh, wait...

Web sites in this case

[Impy the Impiuos Imp]

I guess porn leads the way in cutting edge innovation for more than just the obvious reason :-/

Re:

[Agripa]

I guess porn leads the way in cutting edge innovation for more than just the obvious reason :-/

The original developers should have known; always practice safe hex.

Chrome is spyware

[Anonymous Coward]

Every click goes to Google. No thanks

Re:

[tepples]

Let's say an application developer owns a Mac. He can choose to develop an application as a Mac application or as a web application. If he develops the application as a web application, then any user with a web browser can run it. But if he develops the application as a Mac application, then only those users whose computer happens to be a Mac can run it. Would you prefer to have to buy a Mac to run one application and buy a Windows PC[1] to run a second application?

[1] Yes, it's possible to virtualize Windo

Re:

[tepples]

They could write their app in java

Since when is Java less bad than JavaScript?

or some desktop script language like python

Because far fewer users of Windows applications have Python installed than have a web browser installed, either each end user would have to locate, download, and install the Python interpreter, or the developer would need to convert the script to a stand-alone application by bundling a copy of the interpreter with the application. Which of these two were you anticipating?

When I tried to convert a small Python+Pygame application that I developed to a stand-alone ex

When dependencies cause abandoned installation

[tepples]

Having to download and run two installers to run a single application causes a greater fraction of abandoned installations than having to download and run only one installer. Electron applications require one; Java applications require two: JRE [oracle.com] and the application itself. Web applications require zero.

Re:

[tepples]

Can Lazarus cross-compile, or do you need to own a sufficiently recent Mac in order to ship for Mac?

Re:

[tepples]

In addition, compiled, native C/C++ runs a lot better than interpreted javascript garbage

How efficiently does a program written in C or C++ and compiled to x86-64 native code run on an ARM device or vice versa?

running inside what's basically another framework that sits on top of the OS.

In order to make a single program written in C++ run on Windows, macOS, and X11/Linux, you need something like Qt, which is also "another framework that sits on top of the OS."

Spectre bugs baked into modern computer processors

[najajomo]

"The critical Meltdown and Spectre bugs baked deep into modern computer processors"

That should be, the critical Meltdown and Spectre bugs baked deep into Intel x86 architecture processors. And such bugs wouldn't so serious if we didn't run our computing on a monoculture. As in nature, when a bug comes it doesn't wipe out a whole population.

"Spectre lets attackers access protected information in your PC’s kernel memory, potentially revealing sensitive details like passwords, cryptographic keys, p

Re:

[Megol]

Spectre is there for all processors with more than the most trivial support for speculative execution. Yes that includes all modern computer processors.

Meltdown is limited to Intel, some IBM designs and some ARM designs.

Re:

[iggymanz]

show me proof Ultrasparc has it.

(No, don't buy an Ultarsparc machine, for anything)

Separate processes == good

[TeknoHog]

Browsers should be using different processes for different websites anyway, as a general security measure, and I believe they have been aiming to do that already. Since Spectre only allows reading memory within the same process, I don't understand the panic here (though I guess it's different for virtual machines).

We've already had countless issues where developers didn't sanitize their inputs, so a malicious piece of data could do something nasty; crucially, we didn't need Spectre for that. Meltdown is a wholly different beast, but I guess Intel needs to keep up the Spectre panic for AMD.

Re:

[Agripa]

Browsers should be using different processes for different websites anyway, as a general security measure, and I believe they have been aiming to do that already. Since Spectre only allows reading memory within the same process, I don't understand the panic here (though I guess it's different for virtual machines).

It is a good thing each web page only loads scripts from one domain.

Feature is more swap-friendly, so actually

[m.dillon]

So actually even though the memory footprint is larger, using separate processes also makes chrome more swap-friendly, which means the kernel can page-in/page-out the tabs more efficiently. The result seems, at least for me, to be a smoother ride when I have a lot of tabs open.

Of course, swap space should always be configured on a SSD.

I always enable the site isolation option. Its nice to see google finally making it the default.

-Matt

Re:

[Agripa]

So actually even though the memory footprint is larger, using separate processes also makes chrome more swap-friendly, which means the kernel can page-in/page-out the tabs more efficiently.

This is true except on processors vulnerable to Meltdown which have to trash the page tables. They change was needed but it moved the problem to the operating system. At least it was feasible.

Worst Bond film ever

[TJHook3r]

Seriously, who are these new Bond films targeting? 3/10.

Hits RAM? Don't care.

[nashv]

Sorry, but I have more RAM than battery life. Why do I bring this up? Because the only real alternative Firefox reduces my battery life by about 30% when I do the exact same things on it as I would on Chrome. And Firefox doesn't even have site isolation yet.

I really want to use Firefox and occassionally fire up the latest version. But I cannot justify using it , because it is trivial to buy a laptop with 32 GB RAM to overcome the resource hungriness. Battery life is not so easy to obtain.

Re:

[hcs_$reboot]

Is this related to TFA, or maybe you plan to watch it in Chrome, and you wonder if your RAM is enough?