Edge to get some massive privacy & performance improvements

by Vlad Turiceanu
Vlad Turiceanu
Vlad Turiceanu
Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world. Coming... read more
Affiliate Disclosure
  • Microsoft officials admit that the company is also busy with other software creation, not just Windows 11.
  • Johnathan Norman says that the tech company is about to introduce new security features to Edge.
  • The Chromium-based browser is about to get a Super Duper Secure mode, according to the Redmond giant.
  • Nathan mentioned that exploits target Google’s V8 JavaScript rendering engine because of JavaScript engine bugs.
Microsoft Edge secure mode

If you didn’t already know, then you will be pleased to learn that the Microsoft Browser Vulnerability Research team is working on a Super Duper Secure Mode for the Edge web browser.

Microsoft’s Johnathan Norman says that the company is hard at work creating a safer environment and that we will have nothing to worry about in the future.

Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value.

So, taking into consideration all external factors that can endanger user data in any shape or form, Microsoft is working on new ingenious ways to keep the bad guys out.

Microsoft is working on a Super Duper Secure Mode for Edge

As Norman so eloquently explains, most Chromium-based web browser exploits target Google’s V8 JavaScript rendering engine because of JavaScript engine bugs.

The issues provide powerful exploit primitives, there is a steady stream of bugs, and exploitation of these bugs often follows a straightforward template.

Normal also adds that the JavaScript engines are a remarkably difficult security challenge for browsers.

In order to fight this problem, Edge’s upcoming Super Duper Secure Mode would disable the JavaScript engine’s Just-In-Time (JIT) compilation technology, which speeds up JavaScript workloads dramatically and makes this scripting language roughly as performant as native C++ code.

All this is because obtaining this level of performance requires a lot of complexity, which provides hackers with lots of places to pry for vulnerabilities.

What if we simply disabled the JIT? This reduction of attack surface has the potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed. For users, this means less frequent security updates and fewer emergency patches required.

It seems like this change would also lead to a dramatically slower Microsoft Edge, some would say.

And although that’s not completely farfetched, Norman says that users with JIT disabled rarely notice a difference in their daily browsing, in testing.

The performance degradation across multiple tasks ranged from no change at all to 16.9 percent, along with an average 11 percent increase in power consumption and a 2.3 percent increase in memory usage.

The above-mentioned change impacts the popular Speedometer 2.0 benchmark by as high as 58 percent.

Microsoft plans to investigate its Super Duper Secure Mode experiment over the next few months and determine whether making it available publicly in Edge is beneficial enough.

If you’re interested in testing Super Duper Secure Mode, you can do so now with Edge Canary, Dev, and Beta.

Just enable the Super Duper Secure Mode in edge://flags, and then send Microsoft your feedback using the Feedback menu in Edge.

What’s your opinion on this new security feature? Share your thoughts with us in the comments section below.

This article covers:Topics: