Microsoft is working on a Super Duper Secure Mode (SDSM) for its Edge browser, which disables the Just-In-Time (JIT) JavaScript compiler in Edge. The Microsoft Browser Vulnerability Research Team feels the JIT is responsible for a large number of browser vulnerabilities.

The feature started on Windows, but is now available on Edge Canary for macOS. Its arrival was announced by Johnathan Norman, Microsoft Edge Vulnerability Research Lead.

The news was also accompanied by a somewhat worrying change in Super Duper Secure Mode. Microsoft has addressed issues where SDSM breaks some sites by automatically disabling it on those sites. That includes places like Facebook, which seems somewhat counter-productive. Microsoft is, however, working on a way for users to control the feature and where it is available.

The Super Duper Secure Mode in Edge disables the JIT and enables new security mitigations. These include enabling the new Control-flow Enforcement Technology (CET) in the Edge renderer process and, in the future, adding support for WebAssembly, Arbitrary Code Guard (ACG), and other new security mitigations.

Microsoft hopes Super Duper Secure Mode will be “something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers”.

You can find Edge Canary for macOS here.
