Chromium-based browsers like Microsoft Edge use a multi-process architecture for reliability and security reasons.
tl;dr
For reliability, Process isolation means that if one process crashes, the entire browser need not go down. For example, if a page on leaky.com
has a memory leak that’s so bad that its tab crashes with an out-of-memory error, your other tabs remain functional.
For security, Process Isolation means that each processes’ sandbox can be tailored to the minimal privileges needed for its task, ensuring that in the event of a compromise, the badness is limited to the privileges of that processes’ sandbox. A renderer sandbox cannot read or write files on your disk, for example.
Additionally, Process Isolation enables isolating data by site, such that if a tab at evil.com
manages to get arbitrary native code execution (allowing it to read all of the memory in its own process), content from another site (e.g. good.com
) is in a different process and thus not accessible to steal.
A blog post from 2020 helps explain what each of Edge’s processes is used for.
You can view all of the active processes in the browser’s task manager, opened by hitting Shift+Esc
(or on the system menu shown after hitting Alt+Spacebar
):
The new Windows 11 Task Manager exposes similar process detail information from Microsoft Edge. (The API mechanisms used to expose the enhanced process purpose information to the task manager are not yet documented.)
Beyond the information shown in the Task Managers, you can also see information about the security restrictions used to sandbox each process by visiting edge://sandbox
:
-Eric
Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ MSFT '01-'12, and '18-, presently working on Microsoft Edge. My words are my own. View more posts