Microsoft Edge gets experimental ‘Super Duper Secure Mode’: Feature disables Just In Time JavaScript interpreter improving performance and multiple bugs

Microsoft Edge Super Duper Secure Mode
Edge gets Super Secure? Pic credit: Isriya Paireepairit/Flickr

Microsoft Edge has received an experimental feature that promises to instantly improve performance and address multiple bugs. The ‘Super Duper Secure Mode’ (SDSM) has already received a ‘flag’ that users can activate.

The SDSM inside the Chromium-based Microsoft Edge removes the Just-In-Time Compilation (JIT) from the V8 processing pipeline. This instantly eliminates multiple security vulnerabilities and improves performance, claims Microsoft.

What is Super Duper Secure Mode inside the Chromium-based Microsoft Edge?

Microsoft is actively testing a new ‘Super Duper Secure Mode’ for the new Edge browser. The Windows OS maker has already inserted the flag for the feature in the Edge Canary, Dev, and Beta versions.

Apparently, Microsoft Browser Vulnerability Research Team is experimenting with the new feature. It seems the feature is only inside the new Edge browser for Windows OS.

The flag with the name does appear in the browser. However, it is quite obvious that Microsoft will give the feature a different, and perhaps more practical, name.

Microsoft claims the new feature provides a more secure browsing experience. Essentially, the flag disables the Just In Time (JIT) JavaScript interpreter in Edge.

The Microsoft Browser Vulnerability Research Team claims JIT feels responsible for a large number of browser vulnerabilities. Disabling the same should not only improve performance but also eliminate around half of v8 JavaScript Engine bugs.

Why is Microsoft disabling the Just In Time (JIT) JavaScript interpreter in the Edge browser?

The Super Duper Secure Mode in Edge disables the JIT JavaScript interpreter, and in the process, automatically enables new security mitigations by the process of elimination.

Microsoft is also enabling the new Intel’s Control-flow Enforcement Technology (CET) in Edge render process. In the near future, the company will also add support for Web Assembly, Arbitrary Code Guard (ACG), and other new security mitigations.

Microsoft strongly hopes the new feature will be “something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers”.

Johnathan Norman, Microsoft Edge Vulnerability Research Lead, explained the need for the Super Duper Secure Mode in Edge browser and elimination of the JIT JavaScript interpreter:

“This reduction of attack surface has potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed.”

“This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers.”

The new feature is experimental, but Microsoft Edge users can enable the same by going to edge://flags/#edge-enable-super-duper-secure-mode and toggling on the new feature.

Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x