Overview

Site Isolation is a security feature in Chrome that offers additional protection against some types of security bugs. It makes it harder for untrustworthy websites to access or steal information from your accounts on other websites.





Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy. Occasionally, security bugs are found in this code and malicious websites may try to bypass these rules to attack other websites. The Chrome team aims to fix such bugs as quickly as possible.





Site Isolation offers a second line of defense to make such attacks less likely to succeed. It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do. It also makes it possible to block the process from receiving certain types of sensitive data from other sites. As a result, a malicious website will find it much more difficult to steal data from other sites, even if it can break some of the rules in its own process.





For more technical information about the protections offered by Site Isolation and how they are built, please see the project's design document.

Known Issues

Site Isolation represents a major architecture change for Chrome, so there are some tradeoffs when enabling it, such as increased memory overhead. The team has worked hard to minimize this overhead and fix as many functional issues as possible. A few known issues remain:

For users: Higher overall memory use in Chrome. On desktop in Chrome 67, this is about 10-13% when isolating all sites with many tabs open. On Android in Chrome 77, this is about 3-5% overhead when isolating sites that users log into.

For web developers: Full-page layout is no longer synchronous, since the frames of a page may be spread across multiple processes. This may affect pages that change the size of a frame and then send a postMessage to it, since the receiving frame may not yet know its new size when receiving the message. One workaround is to send the new size in the postMessage itself if the receiving frame needs it. As of Chrome 68, pages can also work around this by forcing a layout in the sending frame before sending the postMessage. See Site Isolation for web developers for more details.





Unload handlers may not always run when the tab is closed. postMessage might not work from an unload handler (964950).





When debugging with --disable-web-security, it may also be necessary to disable Site Isolation (using --disable-features=IsolateOrigins,site-per-process) to access cross-origin frames.
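The two postMessage workarounds described above for web developers, combined in one sketch. This is an added example, not code from the Chromium project; the `frame-resized` message shape, the function names and the example origins are assumptions.

```javascript
// Added example (not from the Chromium docs). Message shape and function
// names are hypothetical.

// Parent page: resize the frame, then tell it the new size explicitly.
function resizeAndNotify(frame, width, height, targetOrigin) {
  frame.style.width = `${width}px`;
  frame.style.height = `${height}px`;
  // Workaround available as of Chrome 68: reading a layout property forces
  // a layout in the sending frame before the message goes out.
  void frame.offsetHeight;
  // Workaround for all versions: carry the size in the message itself, so
  // the receiver does not depend on when its own process learns the size.
  // An explicit targetOrigin (never '*') keeps the message from reaching
  // a frame that has navigated to another site.
  frame.contentWindow.postMessage(
    { type: 'frame-resized', width, height }, targetOrigin);
}

// Child frame: accept the size only from the expected parent origin.
function makeResizeHandler(expectedOrigin, onResize) {
  return function handleMessage(event) {
    if (event.origin !== expectedOrigin) return false;
    const d = event.data;
    if (!d || d.type !== 'frame-resized') return false;
    if (!Number.isFinite(d.width) || !Number.isFinite(d.height)) return false;
    onResize(d.width, d.height);
    return true;
  };
}
// In the child frame (origin is a placeholder):
// window.addEventListener('message',
//   makeResizeHandler('https://parent.example', relayout));
```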



How to Configure

For most users, no action is required. For more advanced cases, there are two ways to enable Site Isolation: isolating all sites, or isolating a list of certain sites.

1) Isolating All Sites

This mode is enabled by default for 100% of Chrome users on Windows, Mac, Linux, and Chrome OS. The instructions below can still be useful on Android, for users desiring the highest security on devices with sufficient RAM.

This mode ensures that all websites are put into dedicated processes that are not shared with other sites. It can be enabled in either of the following ways:

Visit chrome://flags#enable-site-per-process, click Enable, and restart. (See also: help center article. Note that this flag is only present on Android and is missing on other platforms.)



Or, use an Enterprise Policy to enable SitePerProcess or SitePerProcessAndroid within your organization.

2) Isolating Certain Sites

This mode allows you to provide a list of specific origins that will be given dedicated processes, rather than isolating all sites. The main advantage of this mode is that it typically uses less memory than isolating all sites, although it requires knowing which sites need isolation the most. If using this approach, we recommend including sites that need extra protection on the list, such as any site that you log into. (Note that subdomains are automatically included, so listing https://google.com will also protect https://mail.google.com.) This mode is automatically enabled on Android as of Chrome 77, for sites that users log into.

This mode can be manually enabled in any of the following ways:

In Chrome 77 or later versions: Enable chrome://flags/#isolate-origins, provide the list of origins to isolate (e.g. “https://example.com,https://youtube.com”), and restart Chrome.

Use command line flags to start Chrome with --isolate-origins followed by a comma-separated list of origins to isolate. For example:

--isolate-origins=https://google.com,https://youtube.com

Be careful not to include effective top-level domains (e.g., https://co.uk or https://appspot.com; see the full list at https://publicsuffix.org), because these will be ignored.





Or, use an Enterprise Policy to enable IsolateOrigins or IsolateOriginsAndroid within your organization.
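A pre-flight check for a candidate --isolate-origins list, as an added example rather than Chromium code: it flags entries that are effective top-level domains (which Chrome ignores) and shows which URLs the subdomain rule covers. The suffix set is a small constructed sample of the Public Suffix List, the function names are hypothetical, and rejecting entries with a path and comparing schemes are this example's own choices.

```javascript
// Added example (not Chromium code). SAMPLE_SUFFIXES is a tiny constructed
// subset of https://publicsuffix.org; load the full list in real use.
const SAMPLE_SUFFIXES = new Set(['com', 'uk', 'co.uk', 'appspot.com']);

// Split candidate entries into ones that can be isolated and ones to fix.
function checkIsolateOrigins(entries, suffixes = SAMPLE_SUFFIXES) {
  const accepted = [];
  const rejected = [];
  for (const raw of entries) {
    let url;
    try {
      url = new URL(raw.trim());
    } catch {
      rejected.push({ entry: raw, reason: 'not a URL with a scheme' });
      continue;
    }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      rejected.push({ entry: raw, reason: 'scheme is not http(s)' });
    } else if (url.pathname !== '/' || url.search || url.hash) {
      rejected.push({ entry: raw, reason: 'list the origin only, no path' });
    } else if (suffixes.has(url.hostname)) {
      rejected.push({ entry: raw, reason: 'effective top-level domain, ignored' });
    } else if (!accepted.includes(url.origin)) {
      accepted.push(url.origin);
    }
  }
  return { accepted, rejected, flag: `--isolate-origins=${accepted.join(',')}` };
}

// Models the subdomain note above: a URL is covered when its host equals
// a listed host or is a subdomain of it (same scheme, an assumption here).
function isCovered(targetUrl, accepted) {
  const t = new URL(targetUrl);
  return accepted.some((o) => {
    const a = new URL(o);
    return a.protocol === t.protocol &&
      (t.hostname === a.hostname || t.hostname.endsWith(`.${a.hostname}`));
  });
}
```

Run `checkIsolateOrigins` over the list before it goes into a launch script or policy, then use `isCovered` to confirm that each login URL you care about falls under an accepted entry.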

Note that changes to chrome://flags and the command line only affect the current device, and are not synced to your other instances of Chrome.

Diagnosing Issues

If you encounter problems when Site Isolation is enabled, you can try turning it off by undoing the steps above, to see if the problem goes away.

You can also try opting out of field trials of Site Isolation to diagnose bugs, by visiting chrome://flags#site-isolation-trial-opt-out, choosing "Disabled (not recommended)," and restarting.

Starting Chrome with the --disable-site-isolation-trials flag is equivalent to the opt-out above.

Note that if Site Isolation has been enabled by enterprise policy, then none of these options can be used to disable it.

We encourage you to file bugs if you encounter problems when using Site Isolation that go away when disabling it. In the bug report, please describe the problem and mention that you are using Site Isolation.

Verifying

You can visit chrome://process-internals to see whether a Site Isolation mode is enabled.

If you would like to test that Site Isolation has been successfully turned on in practice, you can follow the steps below:

Navigate to a website that has cross-site subframes. For example:

Navigate to http://csreis.github.io/tests/cross-site-iframe.html.

Click the "Go cross-site (complex page)" button.

The main page will now be on the http://csreis.github.io site and the subframe will be on the https://chromium.org site.

Open Chrome's Task Manager: Chrome Menu -> More tools -> Task manager (Shift+Esc).

Verify that the main page and the subframe are listed in separate rows associated with different processes. For example:

Tab: csreis.github.io/tests/cross-site-iframe.html - Process ID = 1234

Subframe: https://chromium.org - Process ID = 5678

If you see the subframe process in Chrome's Task Manager, then Site Isolation is correctly enabled.

These steps work when using the "Isolating all sites" approach above (e.g., --site-per-process). They also work when using the "Isolating certain sites" approach above (e.g., --isolate-origins), as long as the list of origins provided includes either http://csreis.github.io or https://chromium.org.