Microsoft has updated its Edge browser with new security features, expanding on the ‘Super Duper Secure Mode’ that was introduced late last year.
This mode, a new experimental security feature, is intended to reduce the likelihood of browser attacks by disabling the Just-In-Time (JIT) component in the V8 engine – a feature that improves speed and usability but has been linked to numerous security vulnerabilities.
Recommended AI News: Raydiant Raises $30M Series B to Reimagine In-Store Experiences for Brick and Mortars
According to Microsoft Edge vulnerability research lead Johnathan Norman, most users who have enabled Super Duper Secure Mode haven’t noticed any issues or reported any performance trade-offs.
“84% of users who enabled the feature never deactivated it.” This was surprising because we don’t yet have WASM [WebAssembly] up and running. Even more surprising, performance/speed was not a common complaint. It was the least frequently mentioned as a problem,” he says in a tweet.
“The majority of users expressed dissatisfaction with the lack of WASM support.” 42 percent of users who disabled the feature selected ‘other’ and described WASM-related issues, 29 percent specifically mentioned website compatibility, and 15 percent selected page loads slowly. In most cases, the lack of JIT was insignificant.”
Recommended AI News: Teleport Builds Executive Depth with Appointment of Hector Hernandez as Chief Revenue Officer
Key Features
- The browser developer is also working on a new WASM interpreter known as DrumBrake. Currently, a compiler is used to convert WASM code into machine instructions, which necessitates the use of writable and executable memory pages.
- Control-flow Enforcement Technology (CET) and Arbitrary Code Guard (ACG), which prevent dynamic code generation in renderer processes and implement a separate shadow stack to protect return addresses, have been added to Edge by Microsoft.
- “We are also pleased to announce that Microsoft Edge now supports both forward and backward control-flow protection.” “By implementing these safeguards, we can provide defense in depth that extends beyond JIT attacks,” Norman says.
- Microsoft is also experimenting with delivering personalized bypass lists based on the Chromium project’s user site engagement scores.
- However, attackers frequently use WASM memory to execute their code in exploits and while enabling ACG prevents this, it also breaks WASM.
- DrumBrake’s goal is to provide a secure WASM environment that unblocks the most common WASM use cases without the need for JIT.
More About The Most Recent Browser Security Information
- According to Norman, there will most likely be trade-offs: “For example, DrumBrake requires much less reminiscence, which is a nice bonus, but we anticipate that compute-intensive applications will not perform as well.”
- Microsoft Edge switched to a four-week main release cycle cadence in September, while also adding an eight-week Prolonged Secure option for enterprise clients.
- The changes are included in Edge model 98, which began to appear on people’s desktops earlier this month.
The most recent version also includes a new mode that prioritizes browser security. This enables administrators to apply group policies to Windows, macOS, and Linux end-user desktops to help protect against exploits.
Recommended AI News: Employee Enablement Platform Zavvy Launches With $4 Million In Seed Funding
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.