Microsoft has been found to have added a security feature to its Edge web browser that allows users to improve security at the expense of browser performance.
Super Duper Secure Mode has been released in a stable version (96.0.1054.29). You can now switch between balanced mode and strict mode.
Balanced mode learns which sites you use most often and trusts those sites, and strict mode trusts those sites. We now allow users to add their own exceptions.
The feature, announced in August 2021, is called “Super Duper Secure Mode” and was included in Edge v96.0.1054.29, released on November 19, 2021, according to Microsoft Edge Vulnerability Research Lead Johnathan Norman said.
https:// microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
This feature works by disabling support for an Edge component called the JIT (Just-In-Time) compiler.
The JIT compiler is a toolkit that pre-compiles JavaScript code into machine code in order to speed up the browser.
This feature was initially designed to improve the loading speed of web sites and assist with complex and dynamic web sites, but has recently been the subject of a security flaw.
As the Edge team explained in an August blog post, the JIT compiler is responsible for 45% of the security vulnerabilities found in the Edge browser engine since 2019, and half of the zero-days exploited in the Chromium browser.
In Super Duper Secure Mode, JIT compilation can be disabled by going to edge://settings/privacy, the Edge settings section, and flipping a switch.
Two options are available: “Balanced” to disable JIT on new sites that users don’t usually access, and “Strict” to disable JIT on all sites at once.
In addition to this security option, we will be adding other security features such as MiraclePtr, Controlflow-Enforcement Technology (CET), and Arbitrary Code Guard (ACG) support to Edge.
We are also planning to add other security features such as adding support for MiraclePtr, Controlflow-Enforcement Technology (CET), and Arbitrary Code Guard (ACG) to Edge.
Comments