Microsoft tests experimental “Super Duper Secure Mode” for Edge browser


Microsoft developers are testing a new “Super Duper Secure Mode” in the company’s Chromium-based Edge web browser that trades optimized performance for better security.

Google Chrome and Chromium-based browsers like Edge are built on the open source JavaScript engine V8, which is often targeted by hackers because bugs in it are regularly discovered and exploitation follows a simple pattern.

The problem lies in a technology known as “just-in-time compilation” (JIT), which was introduced in 2008 to speed up specific tasks in JavaScript.

JIT takes loosely typed programming languages, such as JavaScript, and compiles them into machine code just before it is needed, which has resulted in impressive performance gains since its implementation.

However, these gains add complexity and come at a cost, according to Jonathan Norman, Microsoft’s Edge Vulnerability Research Manager. About 45% of V8 vulnerabilities after 2019 were related to the JIT engine, and we have already seen a series of examples of hackers exploiting V8 bugs in Chrome and Chromium browsers in 2021.

In light of this, Edge’s new mode disables JIT so developers can check whether the measured performance drop is a manageable price for improved security.

The developers believe that disabling JIT would eliminate just under half of the vulnerabilities that hackers can target, which also means fewer security updates and emergency fixes. It also means that developers can add a few technologies to Edge that are not compatible with JIT.

Due to how the technology works, Intel’s Control-flow Enforcement Technology (CET), a hardware-based exploit mitigation, and Arbitrary Code Guard (ACG) are not compatible with V8’s JIT. By disabling this performance-enhancing technology, Norman said, the team can now enable both security mitigation measures.

“Our hope is to create something that changes the landscape for modern exploits and dramatically increases the cost of exploitation for attackers,” said Jonathan Norman, Microsoft Edge Vulnerability Research Manager. “Mitigations have a long history of being bypassed, so we seek community input to build something of lasting value.

“This is of course only an experience; things are subject to change and we have quite a few technical challenges to overcome. Additionally, our tongue-in-cheek name will likely have to change to something more professional when we launch as a feature. For now, we’ll continue to have fun with it.”

Although Super Duper Secure Mode has not been generally released, Edge Canary, Dev, and Beta users can access it by entering “edge://flags/#edge-enable-super-duper-secure-mode” in their address bars and activating the feature manually.

The move represents an intriguing step forward for Chromium-based Edge, which was initially touted as a viable competitor to Chrome when Microsoft launched the second generation of the browser in January of last year.

The company continued to aggressively promote the new Edge both through advertising and in Windows 10, with many new Windows users crippled by using the default browser, for example. This was compounded by a slew of new features aimed at reflecting Chrome’s advancements and targeting the mass market, like bundled tabs.

However, with Microsoft unable to compete with the market dominance of Chrome, the company recently repositioned Edge as an enterprise-centric browser, with a number of features designed to improve the remote working experience and increase productivity.

This latest experiment continues Microsoft’s trend of seeking more niche use cases for Edge. It is likely that Super Duper Secure Mode will be offered to those who need very robust internet security, such as businesses in highly regulated industries.
