Google is changing Chrome’s caching to prevent snooping and improve security
Google plans to introduce a change to caching in the company’s Chrome web browser that is designed to improve user privacy and security. All web browsers use a cache by default to load previously accessed files more quickly when resources are requested again; this speeds up the loading of sites as content is loaded from the local system and not a remote server.
Caching works by saving a resource, an image for example, along with its full URL as the key for identification purposes. Any site requesting the resource, be it directly or in an iframe, will benefit from the cached file. While that speeds up loading, it poses risks as site may use the mechanism to detect if a specific site was visited by the user in the past. Other risks include cross-site tracking and cross-site search attacks.
Google engineers developed a partition system for the cache in the Chrome web browser to mitigate these risks. The main idea is simple: instead of saving a resource with its full URL only, Chrome is adding two more bits of data to the saved information. Chrome will save the top-level site and the current-frame site next to the full URL of the cached resource. The browser uses the information to determine whether it should serve resources from the cache or not.
Chrome will load the cached resource if the request comes from the original top-level site regardless of whether it is requested directly or using an iframe. Caching rules ignore ports and subdomains.
When an unrelated site requests the file, Chrome will load it from the server and not the cache.
Google’s data indicates that the new caching functionality increases the miss rate by about 3.6% and will increase the “fraction of bytes loaded from the network” by about 4%.
Apple is already using cache isolation in the Safari browser. Mozilla has plans to introduce the functionality in Firefox as well.
The introduction of cache partitioning improves privacy and security when caching files. Google plans to introduce the change in Chrome 86 gradually. The new version of the browser was released on October 6, 2020.