by zetafunction 4145 days ago
As a Chrome developer, I agree that process-per-tab absolutely should not be a replacement for fixing bugs. However, I think it's important to point out that process-per-tab is not just for stability: it's also critical for security.

Chrome is way ahead of Firefox in terms of security. It's worth the performance trade-offs.

Each website is rendered in a separate process with a sandbox, each with an empty chroot + process namespace + network namespace + tiny seccomp-bpf + syscall whitelist.

Chrome also has a stronger sandbox, pioneers better SSL, supports PIE on binaries, uses Pepper - doesn't use native Flash plugins, the JIT compiler does randomization / encryption tricks to make it hard to heap spray exploit code. They have their own hardened memory allocator called PartitionAlloc.

Etc Etc.

Firefox also had more critical CVEs in 2014 than Chrome: http://pastebin.com/raw.php?i=2CRyJkmV

And reports of sandbox escapes are less common in Chrome for a reason.

Worth the performance trade-off for who?

For my own use cases, Chrome drags my whole system performance into a gutter and shoots it full of bullets.

In other words, it’s not just a “trade-off”, but rather Chrome is completely and utterly unusable, while both Safari and Firefox handle the load with no problem.

I actually have more problems with Firefox's performance than with Chrome's (in terms of processor power). Chrome definitely uses more memory, but it's super fast; Firefox is just abysmally slow and can't handle more than a few tabs. Tried both browsers on Windows 8.1 and Linux, with different machines (home and work computers), too.

However, my high memory consumption in Chrome was due to using AdBlock, which is much lower now that I switched to uBlock. Even back with AdBlock, memory was never an issue with many tabs open.

My only problem (which is probably not Chrome's, but my laptop's fault) is that sometimes, when having ~20 tabs open, and certain tabs are idle for a long time, they take a bit of time to re-render once I visit them again, but that also used to happen in Firefox.

You should also keep in mind that everyone doesn't own a high end machine or even a macbook. I have 4 machines at home, maximum specs are 2.5ghz with i3-4gb, and I guess this should be sufficient for running chrome alone, well at least theoretically. In reality, chrome starts being unresponsive, crashing tabs and stuff occurs beyond opening tabs beyond 7-8 and flash player crashes more often. Anddd, firefox is sure late to start (a longer startup time), but idk how it manages to sustain itself throughout. In one of my machines, I have arch installed with bspwm as WM, and firefox takes about 150-200 mb only (when I'm aggressively testing it), with 7-8 tabs. Chrome, well ...
I use chrome on an atom netbook with 2 GB ram, and it generally performs well even with 8 tabs open (some sites can bring it to its knees though)

That's the thing with anecdotal evidence, it's a sample of one.

uBlock is now available on Firefox too, and makes an even more dramatic difference in performance.

I really don't know what you're talking about - Chrome is a dog after ~10 tabs are opened, uses crazy memory and becomes unusable fast once it starts paging. Firefox remains stable, backgrounds tabs you're not using in a graceful way, and doesn't try to open and render every single tab at once on a session restore.

It's unbelievable that Chrome still does this, after the problem has been reported for years.

I regularly have dozens of tabs open in Chrome on both Windows and Linux and I haven't experienced the unusably fast (slow?) behaviour you're talking about. That said, Chrome seems much more unstable than Firefox for me lately.
My typical browsing has about 50–100 background tabs (stuff kept around to look at later), with spikes up to 300+ (when I’m actively researching something). This kind of usage in Chrome absolutely trashes system performance, especially if any of those tabs happen to have gmail/gdocs/gmaps/g+ stuff in them (ironic, huh?), or other heavyweight sites like facebook. Safari and Firefox mostly don’t have a problem, though restarting the browser once every few days can sometimes help clear up some memory/CPU.
Are you on Windows? I'm not seeing this on Mac, I often have 30+ tabs opened and apart from high memory, I don't suffer from any performance issues.
It depends on the user's risk/benefit model.

There are WebKit-based browsers far lighter and faster than Firefox. Chrome, Firefox in Linux, and the Tor browser provide better security. Isolating browsers in separate VMs or Qubes AppVMs provides even better security.

Chrome does not load every website into its own process: it does a lot of cross-site process sharing, and often very large numbers of sites can end up in the same process. It also does not keep each website in only one process, so in practice if a lot of tabs exist for one process (whether malicious or vulnerable) you can be assured of an overlap as you can end up in every process.
We should also keep in mind that Google is a content company, and is leveraging their market share to bring us such wonderful features such as HTML5 DRM support in our browsers.
I'll just throw that in there but Firefox Linux - since you refer to that (99% of what you just mentioned doesn't exist on Windows/OS X) - so yeah, Firefox for Linux uses the Chromium sandbox. You know, the exact same code, with a different filter and options applied.

Sure, its process model isn't as "secure" as Chrome since it has the trade off of sharing more memory among other examples. But as a user, it seems like a freaking good enough trade off right now....

I found your statement very interesting, and would like to learn more. If you're allowed, would you please provide more details or links to resources that further explain the security issues that process-per-tab resolves?
There's a bunch of good public docs on the Chromium security architecture. One big thing that having a separate process per origin does is that you can use OS sandboxing techniques on each process separately, and even if there are renderer bugs, an exploit can't immediately get to another origin; it provides defense in depth by also requiring a sandbox escape.

Here's an old paper that talks about the architecture (it hasn't changed much at a high level):

http://seclab.stanford.edu/websec/chromium/chromium-security...