Apple Unveils WebKit2 with Split Processes (Think Stability)

| News

Apple’s WebKit engineers released a new version of the WebKit framework they called WebKit2. The new version of the rendering engine used by Safari and other browsers introduces a split processing model that keeps Web content in its own process. What this means in more practical language is that a Web page run amok in its own window or tab can’t crash the whole browser.

Anders Carlsson and Sam Weinig made the announcement for Apple, and in that announcement, they acknowledged the work done by Google’s Chrome team, which already had added their own version of split processes to the engine. Google’s Chrome also uses WebKit, but under its own tree called Chromium WebKit.

“This model is similar to what Google Chrome offers,” Messrs. Carlsson and Weinig wrote to an e-mail list, “with the major difference being that we have built the process split model directly into the framework, allowing other clients to use it.”

On the WebKit2 Wiki page, it is explained further that Google’s implementation is a different layer than in WebKit2, which makes it impossible for other users of the open source engine to use.

According to the Wiki, “The Chrome team at Google did a great job at trailblaizing multiprocess browsing with Chrome. But it’s difficult to reuse their work, because the critical logic for process management, proxying between processes and sandboxing is all part of the Chrome application, rather than part of the API layer”

Apple will soon be releasing patches for the new engine to the open source community, and the e-mail posting said that WebKit2 is currently available for Mac OS X and Windows. “We would gladly accept patches to add more ports,” Apple’s developers said.

There is no official word yet on when we’ll see changes based on WebKit2 enter Safari for Mac, Windows, iPod, iPhone, or iPad.

Popular TMO Stories


The Skeptic

This is good news - but I think you are missing the main advantage of the “split process” model: SECURITY.

For the past 4 years, Charlie Miller has used vulnerabilities in Safari to exploit OS X and gain “user” level control of the computer through a “browse-by” website attack.  Eventually a malicious attacker will do the same.

With the split process model, Apple can run each browser process at an access level BELOW that of the current user.  Thus, even if an attacker exploits the browser, he only gets control of a managed process with no access to user data.

Thanks to Google for pioneering this work - which will make an enormous difference to web safety on all operating systems!

Bryan Chaffin

Great post, The Skeptic, and thanks! I wasn’t thinking of that angle at all.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account