Microsoft Edge is running the Super Safe Mode experiment

Why is it important: Microsoft Edge vulnerability researchers are interested in testing a rather unconventional idea that could improve the security of Chromium-based browsers for people willing to sacrifice a bit of performance. This is called “Super-Duper Secure Mode” and is mostly a fun experiment at the moment, but it can turn into a real feature if the user is interested.

After migrating the Edge browser to the Chromium engine, Microsoft finally released a browser that many people are ready to use and are constantly switching to. In my personal experience, Edge has worked without any major issues since the first developer builds and canary builds for Windows 10. Since then, Microsoft has added many features like sleeping tabs, password generator, vertical tabs and more. other. …

Last year, Google stopped alerting people to perceived security risks in Edge, and since then, the two companies have committed to working together to address some of the biggest cross-browser compatibility issues for the web today.

Edge isn’t perfect security, but like most browsers, it has some features that provide maximum protection without creating a headache. For example, Microsoft’s browser allows you to automatically block the download of “potentially unwanted applications”, but now the company testing a more aggressive security feature called “Super Duper Secure Mode”.

According to the Microsoft Edge vulnerability research team, the new mode is based on an unconventional idea, but is ultimately designed to make it more expensive for attackers to exploit any flaws they may find. The researchers found that 45 percent of the bugs in the V8 Javascript engine used in Chromium-based browsers such as Edge, Chrome, Opera, Brave, and Vivaldi were due to the Just-In-Time (JIT) compilation pipeline for JavaScript, i.e. … used to improve the performance of the web browser.

The idea behind SDSM Edge is that JIT offers a large attack surface that requires constant work of patching to ensure security, so it might be worth checking if disabling JIT can improve security without big sacrifices in terms of performance. And it’s not just about removing nearly half of the bugs in the V8 JavaScript engine, as disabling JIT enables security features like Intel Controlflow-Enforcement Technology (CET) or Microsoft’s Arbitrary Code Guard (ACG) Exploit Prevention feature in Windows 10.

After running some automated tests for power, startup, memory usage, and page load times, the researchers found that disabling JIT resulted in improvements in some cases and slightly degraded performance in others. Memory usage doesn’t change much, and startup time improves by about 9 percent. When it comes to page load times, at worst it is almost 17 percent slower, and at best it actually improves to 9.5 percent. A similar story with power consumption: some tests show an 11.4 percent increase with the JIT off, and some tests show a 15 percent increase in power efficiency.

In synthetic tests such as Speedometer 2.0, disabling JIT resulted in a score that was 58 percent worse than when JIT was enabled. However, the difference in performance was much less noticeable in real use, which for users matters much more than the actual number obtained in the test.

SSDM is currently an experimental feature, but if you would like to test it yourself, you can do so by signing up for the Edge Insider program. It doesn’t matter if you are in the Canary, Dev or Beta ring, to enable this feature, go to edge: // flags and enable the one called “edge-enable-super-duper-secure-mode”. It’s also worth noting that Web Assembly (WASM) does not work in this mode, so be careful.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button