
Issue 877912


Issue metadata

Status: Duplicate
Owner:
Closed: Aug 27
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug




Can we exclude V8 mitigations due to the enabling of site isolation?

Reported by shiyu.zh...@intel.com, Aug 27

Issue description

Currently, Chrome's site isolation and V8's untrusted-code mitigations are working together to protect against Spectre-style exploitation of the speculative execution optimizations used by modern CPUs. However, these V8 mitigations, like poisoning and array index masking, come with a performance trade-off, especially on computation-heavy workloads like Octane2.

Since site isolation has been turned on in Chrome 67, providing the ability to keep the secret data and the attack code in separate processes, I was wondering if we could exclude the V8 mitigations (or part of the mitigations) for Chrome where site isolation is on by default.
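To make the "array index masking" and "poisoning" mentioned above concrete, here is an added, self-contained C example. It is not V8 or Chromium code; `index_mask`, `read_guarded`, `read_masked` and the `table` contents are illustrative names and constructed data. It shows a guarded array read whose bounds check is a branch (safe architecturally, but a mispredicted branch lets the CPU speculatively load `table[idx]` for an out-of-range `idx`), next to a branchless variant that forces the index to 0 and ANDs the loaded value with the same mask, so the out-of-range path cannot speculatively fetch or forward anything useful. The mask derivation follows the same idea as the Linux kernel's generic `array_index_mask_nospec` and relies on an arithmetic right shift of a negative `int64_t`, which GCC and Clang provide.

```c
/* Added example: branchless array-index masking, in the spirit of V8's
 * untrusted-code mitigations. Not V8 code; names and data are constructed. */
#include <stdint.h>
#include <stdio.h>

/* All-ones when idx < len, all-zeros otherwise, computed without a branch.
 * If idx < len, both idx and (len - 1 - idx) have the top bit clear, so their
 * OR has it clear, ~OR has it set, and the arithmetic shift yields -1.
 * If idx >= len (including huge idx with the top bit set), the OR has the top
 * bit set, ~OR clears it, and the shift yields 0. Requires 0 < len < 2^63. */
static uint64_t index_mask(uint64_t idx, uint64_t len) {
    uint64_t sign_src = idx | (len - 1 - idx);
    /* Arithmetic shift of a negative value: implementation-defined in ISO C,
     * but GCC and Clang sign-extend, which is what this relies on. */
    return (uint64_t)((int64_t)~sign_src >> 63);
}

/* Index actually used for the load: unchanged in range, 0 out of range. */
static uint64_t masked_index(uint64_t idx, uint64_t len) {
    return idx & index_mask(idx, len);
}

#define TABLE_LEN 8u
/* Constructed sample data standing in for a JS array's backing store. */
static const uint8_t table[TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Naive guarded read. Correct in program order, but the bounds check is a
 * conditional branch: if the predictor guesses "in range" for an
 * out-of-range idx, the CPU transiently loads table[idx] anyway. */
static uint8_t read_guarded(uint64_t idx) {
    if (idx < TABLE_LEN) {
        return table[idx];
    }
    return 0;
}

/* Masked read. No branch depends on idx, so there is nothing to mispredict:
 * the load always uses an in-range index, and the loaded value is ANDed
 * with the mask (the "poisoning" step) so that the out-of-range path
 * produces 0 rather than table[0]. */
static uint8_t read_masked(uint64_t idx) {
    uint64_t mask = index_mask(idx, TABLE_LEN);
    uint64_t safe_idx = idx & mask;
    return (uint8_t)(table[safe_idx] & mask);
}

int main(void) {
    uint64_t probes[] = {0, 3, 7, 8, 100, UINT64_MAX};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("idx=%llu masked_idx=%llu guarded=%u masked=%u\n",
               (unsigned long long)probes[i],
               (unsigned long long)masked_index(probes[i], TABLE_LEN),
               read_guarded(probes[i]), read_masked(probes[i]));
    }
    return 0;
}
```

The cost the reporter is describing is visible here: every masked access pays for the extra subtract/or/not/shift/and sequence on the hot path, even when the index is always in range. Site isolation removes the reason to pay it, because cross-site secrets are no longer in the same address space as the untrusted JavaScript.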

Components: Blink>JavaScript, Internals>Sandbox>SiteIsolation
Mergedinto: 866721
Owner: rmcilroy@chromium.org
Status: Duplicate (was: Unconfirmed)
Yes, they've been disabled already (when Site Isolation is enabled) in r579643, for issue 866721. Thanks for checking!
