Google, which is the company that discovered the Meltdown and Spectre vulnerabilities, will be patching the said vulnerabilities in Chrome on or before January 23. While on the other hand, Microsoft has already made changes to Internet Explorer and Microsoft Edge with a fix for the found vulnerability.
While Google hasn’t patched the vulnerabilities yet, the company has detailed the steps to fix Meltdown and Spectre vulnerabilities in Chrome. The actual fix is expected to arrive with Google Chrome 64 and just like Microsoft, Google is also disabling SharedArrayBuffer and optimizing the behaviour of performance.now(). This will prevent the attackers from taking the advantage of the found vulnerabilities with a malicious javascript.
“Chrome’s JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23rd, 2018. Future Chrome releases will include additional mitigations and hardening measures which will further reduce the impact of this class of attack,” Google said in a blog post.
In order to block exploits from attempting to take over your system, Google is making important changes to the browser that might affect the performance of web browsing. Since Google won’t deliver patches for Chrome browser until January 23, here’s how you can fix Meltdown and Spectre in Google Chrome on Windows.
Protect Google Chrome from Meltdown and Spectre vulnerabilities
- First, make sure Chrome is up-to-date.
- In Google Chrome, enable the Site Isolation feature, this “ensures that each renderer process contains pages from at most one site”.
- To enable Site Isolation, in address bar, type: chrome://flags#enable-site-per-process
- And click enable.
The feature basically prevents data sharing with any other sites. If a website with malicious code attempt to exploit the vulnerabilities, it won’t be able to steal the data since Site Isolation feature would block it.
For those who don’t know, Site Isolation is an experimental feature. The feature is available in latest version of Chrome for Windows, Mac, Linux, Chrome OS and Android.
