The head of Microsoft Edge’s Vulnerability Research detailed a new experiment called Super Duper Secure Mode – that can effectively increase the browser’s security.
This is by disabling the JavaScript just-in-time (JIT) compiler, which opens doors for various security plugins that can kill off most bugs or make it harder for exploiters to breach them. But, the downside of this was reduced performance.
Making Microsoft Edge More Secure
Observing that most browser hacks are related to vulnerabilities in JavaScript, Microsoft has come up with a new technique that could reduce the effect by half.
This is by disabling the JavaScript Just-in-time (JIT) compiler. As proposed by Microsoft Edge’s Vulnerability Research head, Johnathan Norman, turning off the JavaScript JIT opens doors for various hardware protections like Intel’s Control-flow Enforcement Technology (CET), Windows’ Arbitrary Code Guard (ACG), and Control Flow Guard (CFG).
These will lock down the untrusted content as much as possible, thus making exploiting security bugs harder for hackers. The downside for this is the reduction in the performance of Edge, as found in the benchmark tests.
The performance score was down by as much as 58%, and consumption of power by 15% (average) and 11% in regression tests. Also, “Memory is also a mixed story with negatively impacted tests showing a 2.3% regression, but a larger gain on the tests that showed improvements.”
Further, there’s a severe decrease in page load times and fair in start-up times. Named SuperDuper Secure Mode, this technique is currently available through edge://flags for users in canary, dev, and beta channels. And, it only switches CET on as of now, with others like ACG and CFG yet to come.
