Microsoft’s Chromium-based Edge browser is getting a new feature that promises to boost its security without significant performance losses.
In testing now with the Edge Vulnerability Research team, Microsoft Edge’s new so-called “Super Duper Secure Mode” accomplishes this by removing the Just-In-Time Compilation (JIT) compiler, which is said to be related to around 45 percent of the vulnerabilities that have been observed within the V8 JavaScript and WebAssembly engine.
According to Microsoft Edge Vulnerability Research lead Johnathan Norman, removal of JIT should address roughly half of the V8 bugs seen in many exploits, resulting in a significantly reduced attack surface.
Microsoft Edge’s new Super Duper Secure Mode can be enabled in the Beta, Dev, and Canary channel preview releases by entering edge://flags/#edge-enable-super-duper-secure-mode in the address bar and switching on the feature.
Right now, when enabled, Super Duper Secure Mode disables JIT (TurboFan/Sparkplug) and enables Control-flow Enforcement Technology (CET), an Intel hardware-based exploit mitigation designed to provide a more secure browsing experience. In the future, Microsoft also wants to add support for Arbitrary Code Guard (ACG), another security mitigation that would prevent loading malicious code into memory, a technique used by most web browser exploits.
Source: Microsoft (via Bleeping Computer)