[eridius]

> Site isolation, which was released recently, is a really great example of how far ahead they are - site isolation is at least 3, maybe 4 years in the making. That's serious work.

I just searched for chrome site isolation and found https://chromeunboxed.com/news/chrome-63-site-isolation-exte.... And from this description the only particularly interesting thing is multiple domains within a single tab get multiple processes, but that doesn't sound all that different from how you get multiple processes per tab if the tab uses browser plugins. What makes this 3 or 4 years in the making?

Also it's disabled by default because of RAM usage.

[quotheth]

Yep, it's disabled by default. It is a great indicator of the forward thinking work they do, though. And from a corp perspective we can push out policies to enable site isolation for high risk websites (SSO).

"The only interesting thing" is a bit disparaging haha that's kind of a big deal. It means that third party iframes, as one example, run in a separate process. It breaks the case where I am evil.com, and you are okta.com, and there is a way for me to leak data within a process (or exploit the process), I can read okta.com's data.

With site isolation is this made considerably more difficult.