Security News > 2021 > August > Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment
Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance.
The plan is to create a provocatively named "Super Duper Secret Mode" in Edge that deliberately disables support for the browser's JavaScript JIT compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test - available in Edge preview builds select users - essentially rips out JIT, a feature that makes browsers run faster but data shows that these components introduce attack surfaces that have already been exploited in malware campaigns.
According to Microsoft's Johnathan Norman, browser makers have traditionally been willing to absorb the security cost to ship "Fast" browsers but by disabling JIT from Edge, there is a significant attack surface reduction that could significantly improve user security.
In addition to removing JIT, Norman said the browser would be fitted with Intel Corp's new CET, a hardware-based security feature that helps to block certain types of software exploitation.
"Anecdotally, we find that users with JIT disabled rarely notice a difference in their daily browsing," Norman said, even arguing that the JIT-free browser "Does not always have negative impacts."
Microsoft hopes to use the results from the experiment to answer the question of whether the performance gains provided by JIT are worth the resulting security bugs, updates and the missing security mitigations.
News URL
Related news
- Microsoft pulls Edge update causing 'Out of Memory' crashes (source)
- Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (source)
- Microsoft: New Copilot app added by Edge doesn’t collect data (source)
- Microsoft: Copilot ‘app’ on Windows Server mistakenly added by Edge (source)