Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment
2021-08-05 16:39

Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance.

The plan is to create a provocatively named "Super Duper Secure Mode" in Edge that deliberately disables support for the browser's JavaScript JIT compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test, available in Edge preview builds to select users, essentially rips out JIT, a feature that makes browsers run faster, although data shows that these components introduce attack surfaces that have already been exploited in malware campaigns.

According to Microsoft's Johnathan Norman, browser makers have traditionally been willing to absorb the security cost to ship "fast" browsers, but disabling JIT in Edge brings a significant attack surface reduction that could significantly improve user security.

In addition to removing JIT, Norman said the browser would be fitted with Intel Corp.'s new CET, a hardware-based security feature that helps to block certain types of software exploitation.

"Anecdotally, we find that users with JIT disabled rarely notice a difference in their daily browsing," Norman said, even arguing that the JIT-free browser "does not always have negative impacts."

Microsoft hopes to use the results from the experiment to answer the question of whether the performance gains provided by JIT are worth the resulting security bugs, updates and the missing security mitigations.
