Hacker News new | past | comments | ask | show | jobs | submit login

Even if all you care about is security, I don't think Site Isolation makes a real-world difference right now, as it's simply a defense-in-depth Spectre mitigation in case the first-line Spectre mitigations, which are deployed in both Chrome and Firefox, fail. At present, using Site Isolation to protect against compromised renderers is a TODO for both Chrome and Firefox. It's true that Chrome is closer to getting there, though.



Please correct me if am wrong: But I think both Chrome and Safari have disabled/removed their Spectre-mitigations in the JS engine.


For Chrome the TurboFan (jit optimizing compiler) Spectre mitigations are turned off when site isolation is on.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: