Microsoft is testing a new Super Duper Secure Mode for their Edge browser, with the flag for this now available in the Edge Canary, Dev, and Beta versions.

The flag would disable the Just In Time javascript interpreter in Edge, which the Microsoft Browser Vulnerability Research Team feels is responsible for a large number of browser vulnerabilities.

While it improves performance, disabling it eliminates around half of v8 JavaScirpt Engine bugs.

The Super Duper Secure Mode in Edge disables the JIT and enables new security mitigations. These include enabling the new Controlflow Enforcement Technology (CET) in Edge render process and in the future adding support for Web Assembly, Arbitrary Code Guard (ACG), and other new security mitigations.

Microsoft hopes Super Duper Secure Mode will be  ”something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers”.

To enable Super Duper Secure Mode enable the flag under Edge://flags.

Microsoft hopes to bring the technology to their browser on Edge on Android and Mac also.

via Techdows

Comments