Microsoft tests experimental “Super Duper Secure Mode” for Edge browser
Microsoft developers are testing a new “Super Duper Secure Mode” in the company’s Chromium-based Edge web browser that trades optimized performance for better security.
However, the performance gains from just-in-time (JIT) compilation in V8, the browser’s JavaScript engine, add complexity and come at a cost, according to Jonathan Norman, Microsoft’s Edge Vulnerability Research Manager. About 45% of V8 vulnerabilities after 2019 were related to the JIT engine, and we already saw a series of examples of hackers exploiting V8 bugs in Chrome and Chromium browsers in 2021.
In light of this, Edge’s new mode disables JIT so developers can check whether the measured performance drop is a manageable price for the improved security.
The developers believe that disabling JIT would eliminate just under half of the vulnerabilities that hackers can target, which also means fewer security updates and emergency fixes. It also means that developers have the ability to add a few technologies to Edge that are not compatible with JIT.
Due to how the technology works, Intel’s Control-flow Enforcement Technology (CET), a hardware-based exploit mitigation, and Arbitrary Code Guard (ACG) are not compatible with V8. By disabling JIT, Norman said, the team can now enable both security mitigations.
“Our hope is to create something that changes the landscape for modern exploits and dramatically increases the cost of exploitation for attackers,” said Jonathan Norman, Microsoft Edge Vulnerability Research Manager. “Mitigations have a long history of being bypassed, so we seek community input to build something of lasting value.
“This is of course only an experiment; things are subject to change and we have quite a few technical challenges to overcome. Additionally, our tongue-in-cheek name will likely have to change to something more professional when we launch as a feature. For now, we’ll continue to have fun with it.”
Although Super Duper Secure Mode has not been generally released, Edge Canary, Dev, and Beta users can access it by entering “edge://flags/#edge-enable-super-duper-secure-mode” in their address bars and activating the feature manually.
The move represents an intriguing step forward for Chromium-based Edge, which was initially touted as a viable competitor to Chrome when Microsoft launched the second generation of the browser in January of last year.
The company continued to aggressively promote the new Edge both through advertising and in Windows 10, with many new Windows users steered into using it as the default browser, for example. This was compounded by a slew of new features aimed at mirroring Chrome’s advancements and targeting the mass market, like bundled tabs.
However, with Microsoft unable to compete with the market dominance of Chrome, the company recently repositioned Edge as an enterprise-centric browser, with a number of features designed to improve the remote working experience and increase productivity.
This latest experiment continues Microsoft’s trend of seeking more niche use cases for Edge. It is likely that Super Duper Secure Mode will be offered to those who need very robust internet security, such as businesses in highly regulated industries.