Google Chrome team has just released new versions of the browser for Desktop and for Android. The PC variant brings “Not Secure” for all HTTP pages, while the mobile version comes with a fix against the Spectre vulnerability. The smartphone browser also gets a horizontal tab switcher that looks like the Android P Recent menu.
The Spectre fix works quite simply. The update brings an enterprise policy, enabled by default, called Site Isolation that renders pages in separate processes to prevent malicious websites from getting any sensitive information like passwords, cookies, and additional data. It can be turned on and off manually with the “chrome://flags/#enable-site-per-process” flag.
Chrome started by introducing “Not Secure” notification in the Omnibar back in February, and now after a report that 76% of the traffic is secured, the developers decided to go along and mark all http pages as insecure. When you enter the page, the warning will sit next to the URL in the address bar, but if you try to type in any info, including sensitive data like emails or passwords, the Omnibar will show the “Not Secure” tab in red.
Please dump chrome and use firefox browser or DDG (duckduckgo) if you value your freedom.
Mitigation of risk at best. The only way to fix this Spectre/Meltdown fiasco is a complete redesign of the SoC and ARM architecture. Not sure if the Cortex A-76 already fixed it, but it still hasn't then they're still vulnerable.