Currently `performance.now()` and related timestamps are coarsened based on site isolation status. This change will align their coarsening based on cross-origin isolation capability, regardless of platform. That would decrease their resolution on desktop from 5 microseconds to 100 microseconds in non-isolated contexts. It would also increase their resolution on Android from 100 microseconds to 5 microseconds in cross-origin isolated contexts, where it's safe to do so.
Sites like https://leaky.page demonstrate that cross-origin information that’s read into the renderer can be observed by code running in that renderer. It also demonstrates that while high-resolution timers don’t enable that vulnerability, they accelerate its exploitation. Currently `performance.now()` and related timestamps are coarsened based on site isolation status of the platform. Aligning that with cross-origin isolated capability would enable us to expose more granular timers where we can, and reduce risk for our users where we can’t.
Explainers: https://docs.google.com/document/d/1MpG4sBbfZ5xzXCH1GcUjKPuQndkt_kD0LJ7NfpJJ65s/edit#heading=h.f5lcp6q4pi0q