Site isolation has been listed as one of the Engineering and technology good articles under the good article criteria. If you can improve it further, please do so. If it no longer meets these criteria, you can reassess it. Review: March 8, 2024. (Reviewed version).

This article is rated GA-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computer science Low‑importance This article is within the scope of WikiProject Computer science, a collaborative effort to improve the coverage of Computer science related articles on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer scienceWikipedia:WikiProject Computer scienceTemplate:WikiProject Computer scienceComputer science articles Low This article has been rated as Low-importance on the project's importance scale. Things you can help WikiProject Computer science with: Here are some tasks awaiting attention: Article requests : Requested articles/Applied arts and sciences/Computer science, computing, and Internet Cleanup : Computer science articles needing attention Computer science articles needing expert attention Copyedit : Computing Expand : Computer science Infobox : Computer science articles without infoboxes Maintain : Timeline of computing 2020–present Photo : Find pictures for the biographies of computer scientists (see List of computer scientists) Computing articles needing images Stubs : Computer science stubs Unreferenced : WikiProject Computer science/Unreferenced BLPs Project-related : Tag all relevant articles in Category:Computer science and sub-categories with ((WikiProject Computer science))

A fact from Site isolation appeared on Wikipedia's Main Page in the Did you know column on 3 February 2024 (check views). The text of the entry was as follows: Did you know... that adding the site isolation security feature made Google Chrome use 10 percent more RAM? A record of the entry may be seen at Wikipedia:Recent additions/2024/February. The nomination discussion and review may be seen at Template:Did you know nominations/Site isolation.

This article can greatly benefit from defining what it means by 'site', 'cross-origin site' (the latter probably should be changed to something like 'cross-origin web page', as it doesn't refer to site in the sense of origin) and 'instance' (which refers to a renderer instance like a tab or window and not a browser instance). See also https://www.chromium.org/developers/design-documents/site-isolation/ --PaulT2022 (talk) 22:54, 3 February 2024 (UTC)[reply]

Also, The singular rendering process would engage with other privileged services when necessary to execute elevated actions when viewing a web page. is incorrect per the Chromium link above ('Chrome made an effort to place pages from different web sites in different renderer processes when possible') and the 2013 paper referenced in the article (see table on p.80). It should be something like 'singular per rendered web page'. PaulT2022 (talk) 00:23, 4 February 2024 (UTC)[reply]

@PaulT2022 If you take a look at "Project progression" of the same link it mentions that the vast majority of traditional navigations (link-clicks, every other interaction) would lead to the renderer process being shared between origins. While the mechanism to seperate sites did exist, it wasn't used very much/at all, site isolation forced the architecture to be process per renderer by default.

Regarding the confusion wrt to 'site', the Chrom(e|ium) definition refers to eTLD+1 seperation, whereas Reis 2009 and Firefox use the complete origin as a site identifier. I do agree that the article is lacking some nuance in that aarea, and I'll see how I can add it without adding more jargon (which is hard) :) Sohom (talk) 08:26, 4 February 2024 (UTC)[reply]

it wasn't used very much/at all, site isolation forced the architecture to be process per renderer by default – I don't believe this was the case. Chromium used isolated renderer processes for each website from the beginning ("it swapped renderer processes for cross-site navigations that were initiated in the browser process (such as omnibox navigations or bookmarks)"). According to the 2013 paper, other browsers were too by 2013. The issue was that iframes embedded in the page were rendered by the same process, and the process was re-used when navigating to another site, which resulted in scripts potentially having access to the same memory that was used to render a page from another origin previously. PaulT2022 (talk) 14:31, 4 February 2024 (UTC)[reply]

@PaulT2022 I agree with what you are saying, I'm not disputing that new renderers were created for bookmark and omnibox navigations. However, that does not account for a vast majority of navigations on the web (how many times do you search a specific thing in a new tab (creates a new process) vs click on a link (reuses renderer processes)). Using the process-per-rendering-instance model for 2% of navigations and process-per-browsing-instance model for the rest, does not change the fact that the predominant model is still process-per-browsing-instance. Sohom (talk) 16:05, 4 February 2024 (UTC)[reply]

I agree with this (although not quantitatively with 2%, as it's a new process for each address bar navigation/search as well).

All I'm saying is that it isn't evident from the text, especially to someone not familiar with the background, that 'singular' means process-per-browsing-instance. PaulT2022 (talk) 16:16, 4 February 2024 (UTC)[reply]

This review is transcluded from Talk:Site isolation/GA1. The edit link for this section can be used to add comments to the review.

Reviewer: RoySmith (talk · contribs) 17:04, 4 March 2024 (UTC)[reply]

@Sohom Datta: starting review. RoySmith (talk) 17:04, 4 March 2024 (UTC)[reply]

• "following the release of the Spectre and Meltdown vulnerabilities to the public", that's an odd way to phrase it. You "release" software. I think what you meant here is "disclosure" or something similar.

 Done

• " While previously accessing restricted memory was a relatively involved process requiring a compromised renderer, the Spectre vulnerability made it much easier to access arbitrary memory." I would rewrite that as "Spectre made it much easier to access arbitrary memory; this was previously a complicated process which required a compromised renderer." The next sentence ("This exposed...") is kind of convoluted. I'm particularly confused by what "as using JavaScript" is supposed to be saying.

I've tried simplifying this

• "Over the years, multiple versions of the site isolation architecture have been proposed." This sentence doesn't say much. I'd drop it and just start with "In 2009, Reis et all..."

 Done

• "This was subsequently improved upon ...", how about, "This was improved upon in <whatever year> by the Gazelle research browser..."

 Done

• "based on their web principal" explain what a "web principal" is.

The part after the comma briefly explains what a web-principal is.

• "the OP ... IBOS, Tahoma and the SubOS browser": browsers (plural)

 Done

• "Google Chrome released a conference paper" I'd say that as "Reis, et al of the Google Chrome project presented a paper at USENIX ..."

 Done

• "the idea of websites frames" I'm guessing you meant "websites'" (plural possessive) or "a website's"?

 Done

• "a feature that had been suggested by the Gazelle web browser" browsers don't suggest, people do. Perhaps "used by Gazelle" or "suggested by Gazelle's authors"?

 Done

• "requiring over 4000 commits over a period of 5 years" avoid repetition, so "more than 4000 commits from 320 contributors over a period of..."

 Done

• "Chrome's implementation of site isolation allowed them" Chrome is not a person, so "them" can't be used to refer to it. "allowed it", I guess?

 Done

• "which allowed attackers to compromise the same-origin policy": written like that, it's not clear if it is "Chrome's implementation" or "uXSS attacks" which are doing the allowing.
• "attacks reported in between", omit "in"

 Done

• "by the deployment on Site Isolation.": on -> of. Also, why is Site Isolation capitalized?

 Done

• "preventing various variations" Just one of the "v" words is enough.

 Done

• "Firefox announced" -> "The Firefox development team"

 Done

• "iterated on a few of the flaws". You iterate on successes. You address or fix flaws.

 Done

• "the fact that similar web pages were still vulnerable to uXSS attacks." similar to what?
• "Similar to Chrome, the project..." avoid repetition of the word "similar"

 Done

• "Historically, site isolation has only been implemented by research browsers" Be more specific about what "Historically" means. Prior to some particular year? Prior to some specific browser release?

 Done

• "This was because the approach was considered" -> "The approach was considered..."

 Done

• "resource and memory intensive due to increase in the amount of memory space taken up by the processes." This sentence got lost somewhere. Memory is a kind of resource, so "resource and memory" is redundant. And "memory intensive" is redundant with "increase in the amount of memory space taken up".

 Done

• "This was reflected in real world implementations as well", it's unclear what "This" refers to.

Clarified

• "took one to two cores more" link "core" to Central processing unit (or some other target if there's on that's more appropriate).

 Done

• "not considered a silver bullet"; that's jargon. Perhaps "not considered a panacea"? Also, who is doing the considering here?

That would have been Microsoft Reasearch, but you are right, that line isn't the best, I've tried to reword that part.

OK, that's it for a first reading. Overall, this is looking pretty good. I still need to come back for another read after you've addressed the issues I've noted above, plus copyright checks and reference spot-checks. I may not get back to that for a few days. RoySmith (talk) 18:02, 4 March 2024 (UTC)[reply]

Oh, one other thing; while not strictly required, it would be helpful if this could be illustrated with some block diagrams of how the various browser components interact with each other and how they are distributed among processes in the various architectures. Also, different operating systems have somewhat different concepts of what a process is. If you could find anything which talks about how those differences affect implementations of site isolation on different platforms, that would be useful. RoySmith (talk) 18:09, 4 March 2024 (UTC)[reply]

I've added a diagram. I wasn't able to find much discussion about the comparism between different process implementations :( Sohom (talk) 03:29, 8 March 2024 (UTC)[reply]

Source spotcheck: 2, 5, 6, 12, 17 vs Special:Permalink/1211912654

• The entire last paragraph of Background is cited to refs 5 & 6. Ref 5 is a 16 page paper. The paragraph talks about both Spectre and Meltdown. Ref 5 mentions neither of those. Ref 6 only mentions Spectre. This really needs to be cited at a finer resolution, citing specific page numbers in ref 5, and teasing apart which statements are supported by which of the two references.

I've added some new sources that mention both Spectre and Meltdown and specified which pages I am citing.

• Ref 6 is a self-published blog, but I'm willing to accept it as a WP:RS based on the authors being subject matter experts.
• "Around the same time, work was also being done on the OP (which would later become the OP2 browser), IBOS, Tahoma and the SubOS browsers all of which proposed different paradigms to solve the issue of process separation amongst sites.[8][2]" As far as I can tell, everything in this sentence is supported by ref-8 (section "7 Related Work"), so I'm not sure what value also citing it to ref-2 has.

Ref 2 provides a break down of each of the research browser's methodologies. While it is not strictly required, it would be useful to a more technical reader who might want to dig deeper.

• Ref 2 is 20 pages; please provide more detailed citations including page numbers.

 Done

• "The Chrome team found that all 94 uXSS attacks ..." this sentence is cited to refs 11 & 12, neither of which mentions 94 uxss attacks.

Fixed

• Ref 17 is 20 pages long. Please provide more specific citations to page numbers.

 Done

As far as copyright problems go, a scan with Earwig turned up nothing of concern. RoySmith (talk) 20:00, 5 March 2024 (UTC)[reply]

RoySmith (talk) 19:58, 5 March 2024 (UTC)[reply]

@Sohom Datta I've placed this on hold. Please address the above issues in the next 7 days, thanks. RoySmith (talk) 18:37, 7 March 2024 (UTC)[reply]

@RoySmith I've addressed your points above. Let me know if there are any more concerns/issues :) Sohom (talk) 15:31, 8 March 2024 (UTC)[reply]

Looks good, thanks. Nice article. It's amazing how sophisticated some of these attacks are. RoySmith (talk) 15:47, 8 March 2024 (UTC)[reply]