Google’s Chrome developers recently addressed a security issue by partitioning the browser cache by website, rather than keeping everything in a single unified heap.
Google Chrome engineers Josh Karlin and Shivani Sharma explained the issue with a unified cache:
“This opens the browser to a side-channel attack where one site can detect if another site has loaded a resource by checking if it’s in the cache. That sounds innocuous, but it can be used for many nefarious deeds such as discovering what’s in your inbox, contacts, etc.”
Since Chrome 85, the browser has been creating site-specific caches which other sites cannot interact with. Unfortunately, this comes with a performance hit.
“Early (canary/dev) results using top-frame-site show that the impact isn’t nearly as bad as feared. The cache hit rate drops by about 4% but changes to first contentful paint aren’t statistically significant and the overall fraction of bytes loaded from the cache only drops from 39.1% to 37.8%. This may change as we progress to beta and stable but it seems like an encouraging start,” the Google engineers stated.
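The following added example (not Chrome's code, and not from the engineers quoted above) models a cache keyed by URL alone versus one keyed by top-frame site plus URL, showing both the isolation gained and the hits lost. The `ModelCache` class, `runScenario` function, and all site names and URLs are constructed for illustration.

```javascript
// Toy model of HTTP cache keying. Simplified: the partition key here is
// the top-frame site only. All sites and URLs are constructed samples.
class ModelCache {
  // partitioned=false: key is the resource URL only (unified cache).
  // partitioned=true:  key is (top-frame site, resource URL).
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.entries = new Set();
    this.hits = 0;
    this.requests = 0;
  }
  key(topFrameSite, url) {
    // JSON.stringify avoids ambiguous keys from naive concatenation.
    return this.partitioned ? JSON.stringify([topFrameSite, url]) : url;
  }
  // Returns true on a hit; on a miss the resource is "fetched" and stored.
  load(topFrameSite, url) {
    const k = this.key(topFrameSite, url);
    this.requests++;
    if (this.entries.has(k)) { this.hits++; return true; }
    this.entries.add(k);
    return false;
  }
}

function runScenario(partitioned) {
  const cache = new ModelCache(partitioned);
  const shared = "https://cdn.example/lib.js";              // constructed
  const userSpecific = "https://mail.example/avatar/a.png"; // constructed
  // The user browses the mail site, which caches both resources.
  cache.load("https://mail.example", userSpecific);
  cache.load("https://mail.example", shared);
  // A different top-level site later requests the same URLs.
  const crossSiteHit = cache.load("https://other.example", userSpecific);
  const sharedLibHit = cache.load("https://other.example", shared);
  // The original site reloads its own resource.
  const sameSiteHit = cache.load("https://mail.example", userSpecific);
  return { crossSiteHit, sharedLibHit, sameSiteHit,
           hits: cache.hits, requests: cache.requests };
}

console.log("unified:    ", runScenario(false));
console.log("partitioned:", runScenario(true));
```

In the unified run the second site's requests are cache hits, which is the observable signal the quote describes; in the partitioned run they miss, and the lost hit on the shared library is the performance cost being measured.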
Google is looking to mitigate this by expanding the size of the site-specific caches.
“Now that cache will be partitioned, it makes sense to see if increasing the cache size helps offset some performance impact by lowering the eviction rate,” said Sharma in a Chrome Gerrit post.
Google is planning to run experiments with Canary, Beta, and Dev build users, expanding the site-specific browser cache to between 2 and 3 times the usual size. This should increase the cache hit rate and improve load times.
The test has not been approved yet, but should roll out to beta testers soon.