Microsoft has made a new security feature available in Edge Canary, Dev, and Beta. The feature, currently known as “Super Duper Secure Mode”, can be enabled via a flag and aims to make web browsing via Microsoft Edge exploit-free.
In detail, Super Duper Secure Mode disables the JIT compilers (TurboFan/Sparkplug) and enables Control-flow Enforcement Technology (CET). Microsoft has explained in a blog post that over half of the Chrome exploits target JIT bugs:
Performance and complexity often come at a cost, and often we bear this cost in the form of security bugs and subsequent patches. Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine. Moreover, we know that attackers weaponize and abuse these bugs as well; an analysis from Mozilla shows that over half of the “in the wild” Chrome exploits abused a JIT bug, as illustrated in the charts below. Note “Edge” below refers to the legacy version of Edge.
You can enable Super Duper Secure Mode by using the flag edge://flags/#edge-enable-super-duper-secure-mode. Just copy and paste this link into Edge Canary, Dev, or Beta.
Microsoft has provided more details about Project Super Duper Secure Mode in the blog post, which you can read below. As expected, Microsoft intends to change the name to something more “professional” going forward.
Project Super Duper Secure Mode
Over the next few months, we will try to answer these questions with our Super Duper Secure Mode (SDSM) experiment. It will take some time, but we hope to have CET, ACG, and CFG protection in the renderer process. Once that is complete, we hope to find a way to enable these mitigations intelligently based on risk and empower users to balance the tradeoffs.
Currently, SDSM disables JIT (TurboFan/Sparkplug) and enables CET. At the moment, Web Assembly is not supported in this mode. We hope to slowly enable new mitigations and add Web Assembly support over the next few months as we continue testing and experimentation. You can find the feature under edge://flags in Edge Canary, Dev, and Beta.
This is of course just an experiment; things are subject to change, and we have quite a few technical challenges to overcome. Also, our tongue-in-cheek name will likely need to change to something more professional when we launch as a feature. For now, we are going to continue having fun with it.
If you decide to test the feature, please send us your feedback through the Feedback menu in Microsoft Edge. We are eager to hear about your experience.