Microsoft Edge’s Many Processes
2021-12-02 04:13:27 Author: textslashplain.com(查看原文) 阅读量:15 收藏

Chromium-based browsers like Microsoft Edge use a multi-process architecture for reliability and security reasons.

tl;dr

For reliability, Process isolation means that if one process crashes, the entire browser need not go down. For example, if a page on leaky.com has a memory leak that’s so bad that its tab crashes with an out-of-memory error, your other tabs remain functional.

For security, Process Isolation means that each processes’ sandbox can be tailored to the minimal privileges needed for its task, ensuring that in the event of a compromise, the badness is limited to the privileges of that processes’ sandbox. A renderer sandbox cannot read or write files on your disk, for example.

Additionally, Process Isolation enables isolating data by site, such that if a tab at evil.com manages to get arbitrary native code execution (allowing it to read all of the memory in its own process), content from another site (e.g. good.com) is in a different process and thus not accessible to steal.

A blog post from 2020 helps explain what each of Edge’s processes is used for.

You can view all of the active processes in the browser’s task manager, opened by hitting Shift+Esc (or on the system menu shown after hitting Alt+Spacebar):

The new Windows 11 Task Manager exposes similar process detail information from Microsoft Edge. (The API mechanisms used to expose the enhanced process purpose information to the task manager are not yet documented.)

Beyond the information shown in the Task Managers, you can also see information about the security restrictions used to sandbox each process by visiting edge://sandbox:

-Eric

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ MSFT '01-'12, and '18-, presently working on Microsoft Edge. My words are my own.


文章来源: https://textslashplain.com/2021/12/01/microsoft-edges-many-processes/
如有侵权请联系:admin#unsafe.sh