[TheRecord] Microsoft silently enables ‘Super Duper Secure Mode’ for Edge

Microsoft last week secretly added a security feature in its Edge web browser that allows users to sacrifice the browser’s performance for improved security.

Announced in August this year, the feature is named Super Duper Secure Mode and was included in Edge v96.0.1054.29, released last Friday on November 19, according to Johnathan Norman, Microsoft Edge Vulnerability Research Lead.

Under the hood, the feature works by allowing users to disable support for an Edge component named the JIT (Just-In-Time) compiler, a toolkit that compiles JavaScript code into machine code ahead of time in order to speed up the browser.

While JIT was initially designed to improve website loading speeds and to help with complex and dynamic websites, it has recently been a whirlpool of security flaws.

As the Edge team explained in a blog post in August, the JIT compiler has been the source of 45% of all security vulnerabilities discovered in Edge’s browser engine and of half the zero-days exploited in Chromium browsers since 2019.

Super Duper Secure Mode lets users disable JIT compilation by going to Edge’s settings section, at edge://settings/privacy, and flipping a switch.

Two options are provided: Balanced, which disables JIT on new sites that the user doesn’t usually visit, and Strict, which disables JIT on all sites at once.

Currently, Super Duper Secure Mode just disables JIT, but Norman said in August that other security features will be added to this umbrella security option, such as adding support in Edge for MiraclePtr, Controlflow-Enforcement Technology (CET), and Arbitrary Code Guard (ACG).

“I’m really excited to see what impact we have here. Although for it really to matter, we will need SDSM enabled by default,” Norman tweeted on Monday.

The post Microsoft silently enables ‘Super Duper Secure Mode’ for Edge appeared first on The Record by Recorded Future.
