Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Restrict CPU core sharing for renderer process
Supported versions
- On Windows since 140 or later
Description
This policy helps mitigate side-channel cross-process memory attacks by isolating the renderer process to a dedicated CPU core, preventing other processes from being scheduled on the same core. This mitigation is supported on Microsoft® Windows® 11 24H2 and later. If the operating system does not support the necessary scheduling features, this policy has no effect. Enabling this policy may reduce performance in demanding workloads, similar to the impact of disabling hyperthreading. For more information refer PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY structure (winnt.h) If you enable this policy, other processes can not be scheduled on the same CPU core as a renderer process. If you disable this policy, other processes can be scheduled on the same CPU core as a renderer process. If you don't configure this policy, other processes may be scheduled on the same core as the renderer process. Behavior may vary depending on Microsoft Edge version and platform.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: RestrictCoreSharingOnRenderer
- GP name: Restrict CPU core sharing for renderer process
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Enabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: RestrictCoreSharingOnRenderer
- Value type: REG_DWORD
Example registry value
0x00000001