Microsoft Edge’s Super Duper Secure Mode addresses JavaScript vulnerabilities in a brand new way
Published on August 5, 2021
Microsoft Edge has started testing a new “Super Duper Secure Mode” that should make browsing more secure by addressing JavaScript vulnerabilities within the browser. The feature is currently available for Edge Insiders, and it’s hidden behind an experimental flag in the Canary, Dev, and Beta channels.
Microsoft’s research has revealed that attackers usually target the JavaScript engine’s Just-In-Time (JIT) compilation to hack web browsers. JIT is a complex pipeline of processes used to optimize JavaScript code for performance. Once enabled, the new Super Duper Secure Mode disables the JavaScript JIT compiler to prevent attackers from hacking into the systems of Microsoft Edge users.
With the JIT engine disabled, the Microsoft Edge team enabled additional security features including Control Flow Guard (CFG), Windows’ Arbitrary Code Guard (ACG) as well as Intel’s Control-flow Enforcement Technology (CET). According to Microsoft, JIT had compatibility issues with all these features, and turning off the JIT compiler should help to provide a more secure browsing experience.
“By disabling JIT, we can enable both mitigations and make exploitation of security bugs in any renderer process component more difficult,” explained Johnathan Norman, Microsoft Edge Vulnerability Research Lead. “This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers.”
If you want to try out Super Duper Secure Mode, you will need to open Microsoft Edge and go to the edge://flags page. Then type “Super Duper Secure Mode” in the search bar, enable this feature, and finally restart the browser.
However, keep in mind that the Super Duper Secure Mode is an experimental feature in Microsoft Edge, and it may break some websites. Norman noted that the company plans to bring this feature to other platforms, including macOS and Android.
In the meantime, Microsoft will keep listening to user feedback to improve this new Super Duper Secure Mode before making it generally available for everyone. “Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value,” Norman said today.
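To check what the flag changes on a given machine, the following added example (not code from the article or from Microsoft) lists the running Edge renderer processes and reports the state of the three mitigations named above. It assumes Windows with the built-in ProcessMitigations module, and it assumes that renderers can be recognised by `--type=renderer` on their command line.

```powershell
# Added example: report ACG / CFG / CET state for running Edge renderers.
# Assumptions (not from the article): the ProcessMitigations module is
# available, and renderer processes carry "--type=renderer" in their
# command line.

$renderers = Get-CimInstance Win32_Process -Filter "Name = 'msedge.exe'" |
    Where-Object { $_.CommandLine -match '--type=renderer' }

if (-not $renderers) {
    Write-Warning 'No msedge.exe renderer processes found. Open a page in Edge first.'
}
else {
    $report = foreach ($proc in $renderers) {
        try {
            # Query the mitigation policy of the live process by PID.
            $m = Get-ProcessMitigation -Id $proc.ProcessId -ErrorAction Stop
        }
        catch {
            # Short-lived or inaccessible processes are reported and skipped.
            Write-Warning "PID $($proc.ProcessId): $($_.Exception.Message)"
            continue
        }

        [pscustomobject]@{
            ProcessId = $proc.ProcessId
            ACG       = $m.DynamicCode.BlockDynamicCode      # Arbitrary Code Guard
            CFG       = $m.CFG.Enable                        # Control Flow Guard
            CET       = $m.UserShadowStack.UserShadowStack   # hardware shadow stack
        }
    }

    $report | Sort-Object ProcessId | Format-Table -AutoSize
}
```

Run it once before enabling the flag and once after restarting the browser, then compare the two tables. On Windows builds that predate shadow-stack support the CET column is empty.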
Radu Tyrsina