Microsoft announces new 'Super Duper Secure Mode' for Edge
Microsoft said today it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode.
However, JIT support in V8 is complex. Norman said JIT-related security issues amounted to 45% of all V8 vulnerabilities in 2019. Furthermore, more than half of the "in the wild" Chrome exploits rely on JIT-related bugs.
Norman said that recent tests carried out by the Edge team have shown that despite its pivotal role in speeding up browsers in the early and mid-2010s, JIT is not a crucial feature anymore to Edge's performance.
Encouraged by these findings, Norman said the Edge team is now working on Super Duper Secure Mode, an Edge configuration where they disable JIT and enable three other security features such as Controlflow-Enforcement Technology (CET) and Arbitrary Code Guard (ACG)—two features that would normally clash with V8's JIT implementation.
As Norman explained, Super Duper Secure Mode is currently classified as an experiment, and there are no plans set in stone to ship it to users just yet.
I'm not sure if this will land as a feature. But I think this experiment is worth a shot. If you try it please share your feedback in Edge (click the 3 dots -> feedback) or post on the forum https://t.co/As3jeqMSyC . We are curious to see if this is something users want. 7/?— Johnathan Norman (@spoofyroot) August 4, 2021
However, while Super Duper Secure Mode does not have a certain future, the feature is already live and ready for testing. Users of Edge Canary, Dev, and Beta can go to the following address and enable it in their browsers:
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.