Site Isolation
What is Site Isolation?
Site Isolation: A Chromium security architecture that places documents from different sites into separate operating-system processes so a compromised renderer cannot read cross-site data.
Site Isolation is a browser security feature, first shipped in Chrome, that ensures each site occupies its own renderer process and that cross-site iframes run in out-of-process iframes. The browser process enforces this boundary, and Cross-Origin Read Blocking (CORB) and Opaque Response Blocking (ORB) prevent sensitive responses from cross-origin sites being delivered into a renderer that should not access them. The design hardens the browser against side-channel attacks such as Spectre and against renderer-RCE exploits: even if attacker code runs inside one renderer, the operating system process boundary protects authenticated data from other sites. Edge, Brave, and other Chromium derivatives inherit the same model.
● Examples
- 01
Opening attacker.com and bank.com results in two separate renderer processes.
- 02
An iframe of accounts.google.com inside news.example runs in its own OS process.
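The process assignment behind the two examples above, as an added sketch (not Chromium source and not part of the original page). It assumes a site is the scheme plus the registrable domain (eTLD+1); the four-entry suffix list, the frame tree, the process ids and the names `siteOf` and `assignProcesses` are all constructed for illustration.

```javascript
// Added illustration: a simplified model, not Chromium source code.
// Assumption: a "site" is scheme + registrable domain (eTLD+1).
// CONSTRUCTED mini suffix list; a real browser consults the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "example", "co.uk", "github.io"]);

// Return the site key that decides which renderer process a document belongs to.
function siteOf(urlString) {
  const url = new URL(urlString);
  const labels = url.hostname.split(".");
  // Scanning from the left finds the longest matching public suffix first.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // Registrable domain = public suffix plus one more label to its left.
      return `${url.protocol}//${labels.slice(Math.max(i - 1, 0)).join(".")}`;
    }
  }
  // Unknown suffix or IP literal: isolate by full host (the stricter choice).
  return `${url.protocol}//${url.hostname}`;
}

// Walk a frame tree and give every distinct site its own (hypothetical) process id.
// A frame whose site differs from its parent's is an out-of-process iframe (OOPIF).
function assignProcesses(frame, table = new Map(), parentSite = null, out = []) {
  const site = siteOf(frame.url);
  if (!table.has(site)) table.set(site, table.size + 1);
  out.push({ url: frame.url, site, pid: table.get(site),
             oopif: parentSite !== null && site !== parentSite });
  for (const child of frame.children ?? []) assignProcesses(child, table, site, out);
  return out;
}

// CONSTRUCTED frame tree modelled on the page's second example.
const page = {
  url: "https://news.example/story",
  children: [
    { url: "https://accounts.google.com/widget",
      children: [{ url: "https://mail.google.com/badge" }] },
    { url: "https://cdn.news.example/ad" },
    { url: "https://alice.github.io/embed" },
  ],
};

for (const f of assignProcesses(page)) {
  console.log(`pid ${f.pid}  ${f.oopif ? "OOPIF" : "     "}  ${f.site}  <- ${f.url}`);
}
```

Subdomains of one registrable domain share a process in this model, while hosts under a shared public suffix such as `github.io` do not, which is why the suffix list matters to where the boundary falls.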
● Frequently asked questions
What is Site Isolation?
A Chromium security architecture that places documents from different sites into separate operating-system processes so a compromised renderer cannot read cross-site data. It belongs to the Application Security category of cybersecurity.
How does Site Isolation work?
Site Isolation is a browser security feature, first shipped in Chrome, that ensures each site occupies its own renderer process and that cross-site iframes run in out-of-process iframes. The browser process enforces this boundary, and Cross-Origin Read Blocking (CORB) and Opaque Response Blocking (ORB) prevent sensitive responses from cross-origin sites being delivered into a renderer that should not access them. The design hardens the browser against side-channel attacks such as Spectre and against renderer-RCE exploits: even if attacker code runs inside one renderer, the operating system process boundary protects authenticated data from other sites. Edge, Brave, and other Chromium derivatives inherit the same model.
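How does Site Isolation act as a defence?
Site Isolation is itself a defensive control rather than a threat. It combines the technical controls detailed in the full definition above: per-site renderer processes enforced by the browser process, together with CORB and ORB response blocking.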
What are other names for Site Isolation?
Common alternative names include: Strict Site Isolation.
● Related terms
- appsec№ 129
Browser Sandbox
An OS-level isolation layer that confines a browser's renderer and helper processes so that compromised web code cannot read the file system or other applications.
- appsec№ 1075
Speculative Execution Side Channel
A microarchitectural vulnerability class where CPUs leak data through caches and predictors after executing instructions speculatively along paths that should not have run.
- vulnerabilities№ 1074
Spectre
A family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels.
- vulnerabilities№ 665
Meltdown
A microarchitectural vulnerability (CVE-2017-5754) that lets unprivileged code read kernel memory by exploiting out-of-order execution and a delayed permission check.
- appsec№ 960
Same-Origin Policy (SOP)
Browser security rule that restricts how a document or script loaded from one origin can interact with a resource from a different origin.
- defense-ops№ 964
Sandbox Escape
A vulnerability or exploit chain that lets code break out of an isolating sandbox — browser, VM, or hypervisor — to gain code execution in the surrounding host environment.