Microsoft Edge has received an experimental feature that promises to instantly improve performance and address multiple bugs. The ‘Super Duper Secure Mode’ (SDSM) has already received a ‘flag’ that users can activate.
The SDSM inside the Chromium-based Microsoft Edge removes the Just-In-Time Compilation (JIT) from the V8 processing pipeline. This instantly eliminates multiple security vulnerabilities and improves performance, claims Microsoft.
What is Super Duper Secure Mode inside the Chromium-based Microsoft Edge?
Microsoft is actively testing a new ‘Super Duper Secure Mode’ for the new Edge browser. The Windows OS maker has already inserted the flag for the feature in the Edge Canary, Dev, and Beta versions.
Apparently, Microsoft Browser Vulnerability Research Team is experimenting with the new feature. It seems the feature is only inside the new Edge browser for Windows OS.
I'm not sure if this will land as a feature. But I think this experiment is worth a shot. If you try it please share your feedback in Edge (click the 3 dots -> feedback) or post on the forum https://t.co/As3jeqMSyC . We are curious to see if this is something users want. 7/?
— Johnathan Norman (@spoofyroot) August 4, 2021
The flag with the name does appear in the browser. However, it is quite obvious that Microsoft will give the feature a different, and perhaps more practical, name.
I love that this is legitimately called super duper secure mode https://t.co/tpzFMBQbmL
— Andrew Stace (@AndrewStace) August 5, 2021
Microsoft claims the new feature provides a more secure browsing experience. Essentially, the flag disables the Just In Time (JIT) JavaScript interpreter in Edge.
The Microsoft Browser Vulnerability Research Team claims JIT feels responsible for a large number of browser vulnerabilities. Disabling the same should not only improve performance but also eliminate around half of v8 JavaScript Engine bugs.
Why is Microsoft disabling the Just In Time (JIT) JavaScript interpreter in the Edge browser?
The Super Duper Secure Mode in Edge disables the JIT JavaScript interpreter, and in the process, automatically enables new security mitigations by the process of elimination.
Microsoft is also enabling the new Intel’s Control-flow Enforcement Technology (CET) in Edge render process. In the near future, the company will also add support for Web Assembly, Arbitrary Code Guard (ACG), and other new security mitigations.
Microsoft strongly hopes the new feature will be “something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers”.
The feature is already live and users of Edge Canary, Dev, and Beta can go to the following address and enable it in their browsers:
edge://flags/#edge-enable-super-duper-secure-mode pic.twitter.com/oUE9kJgzD2
— Catalin Cimpanu (@campuscodi) August 4, 2021
Johnathan Norman, Microsoft Edge Vulnerability Research Lead, explained the need for the Super Duper Secure Mode in Edge browser and elimination of the JIT JavaScript interpreter:
“This reduction of attack surface has potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed.”
“This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers.”
The new feature is experimental, but Microsoft Edge users can enable the same by going to edge://flags/#edge-enable-super-duper-secure-mode and toggling on the new feature.