Microsoft’s Chromium-based Edge browser is getting a new feature that promises to boost its security without significant performance losses.
According to Microsoft Edge Vulnerability Research lead Johnathan Norman, removal of JIT should address roughly half of the V8 bugs seen in many exploits, resulting in a significantly reduced attack surface.
Microsoft Edge’s new Super Duper Secure Mode can be enabled in the Beta, Dev, and Canary channel preview releases by entering edge://flags/#edge-enable-super-duper-secure-mode in the address bar and switching on the feature.
Right now, when enabled, Super Duper Secure Mode disables JIT (TurboFan/Sparkplug) and enables Control-flow Enforcement Technology (CET), an Intel hardware-based exploit mitigation designed to provide a more secure browsing experience. In the future, Microsoft also wants to add support for Arbitrary Code Guard (ACG), another security mitigation that would prevent loading malicious code into memory, a technique used by most web browser exploits.