by quotheth
3054 days ago
Yep, it's disabled by default. It is a great indicator of the forward-thinking work they do, though. And from a corp perspective we can push out policies to enable site isolation for high-risk websites (SSO). "The only interesting thing" is a bit disparaging, haha, that's kind of a big deal. It means that third-party iframes, as one example, run in a separate process. It breaks the case where I am evil.com, and you are okta.com, and there is a way for me to leak data within a process (or exploit the process), I can read okta.com's data. With site isolation this is made considerably more difficult.