Google is working on “Strict Extension Isolation” for Chrome. Each extension will have its own process.
Table of Contents
Strict Extension Isolation
Google Chrome currently has sandboxing for tabs. Each website that you open uses its own process. If a tab crashes or is compromised, other tabs are not affected.
For Chrome extensions, however, Google had a different approach. As this feature request bug explains:
“When we enabled Site Isolation (–site-per-process) by default, we allowed extensions to share processes with each other to keep the process count lower (see r548645). Specifically, if there are more extension processes than 1/3 the total process limit, additional extensions will share a random existing extension process (per issue 98737).”
To change the current method, Google is introducing a new feature to lock all extension processes.
“This prevents extensions from sharing a process with each other
when Chrome is over the process limit.”
I don’t see them calling this “Sandboxing” except on the tag on the bug. However, this feature sounds like sandboxing for Chrome extensions tom me.
You will soon see an experimental Chrome flag in the Canary channel:
Strict Extension Isolation: Experimental security mode that prevents extensions from sharing a process with each other.
As a user, you may not see any visible changes. Well, you might see an increase in the number of processes in the task manager. Apart from that, just know that Chrome will become more secure.
Vulnerable extensions are a major reason for embarassment for Chrome. This feature does not change a lot, but it reduces the impact of vunerable extensions.
Do you agree?
Source: Chromium Gerrit.