[TheRecord] Microsoft announces new ‘Super Duper Secure Mode’ for Edge

Microsoft said today it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode.

Announced today by Johnathan Norman, Microsoft Edge Vulnerability Research Lead, the idea behind the new Super Duper Secure Mode is to disable support for JIT (Just-In-Time) inside V8, the Edge browser’s JavaScript engine.

JIT, while unknown to most end-users, plays a crucial role in all of today’s web browsers. JIT works by taking JavaScript and compiling it to machine code ahead of time. If the browser needs the code, it gains a significant speed boost. If it doesn’t, the code is discarded.

However, JIT support in V8 is complex. Norman said JIT-related security issues amounted to 45% of all V8 vulnerabilities in 2019. Furthermore, more than half of the “in the wild” Chrome exploits rely on JIT-related bugs.

Norman said that recent tests carried out by the Edge team have shown that despite its pivotal role in speeding up browsers in the early and mid-2010s, JIT is not a crucial feature anymore to Edge’s performance.

Encouraged by these findings, Norman said the Edge team is now working on Super Duper Secure Mode, an Edge configuration where they disable JIT and enable three other security features such as Control-flow Enforcement Technology (CET) and Arbitrary Code Guard (ACG), two features that would normally clash with V8’s JIT implementation.

As Norman explained, Super Duper Secure Mode is currently classified as an experiment, and there are no plans set in stone to ship it to users just yet.

I’m not sure if this will land as a feature. But I think this experiment is worth a shot. If you try it please share your feedback in Edge (click the 3 dots -> feedback) or post on the forum https://t.co/As3jeqMSyC . We are curious to see if this is something users want. 7/?

— Johnathan Norman (@spoofyroot) August 4, 2021

However, while the future of Super Duper Secure Mode is uncertain, the feature is already live and ready for testing. Users of Edge Canary, Dev, and Beta can go to the following address and enable it in their browsers:

edge://flags/#edge-enable-super-duper-secure-mode

The post Microsoft announces new ‘Super Duper Secure Mode’ for Edge appeared first on The Record by Recorded Future.
