The move aims to protect users on sites that may be malicious in nature.
Microsoft Edge is adding enhanced security protections to provide an extra layer of protection when browsing the web and visiting unfamiliar sites, according to a report in The Register. Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings, according to the article.
The new feature is part of a number of security updates in version 104.0.1293.47 announced this month that are designed to reduce the risk for the five Edge users users as they move around the internet.
Microsoft described the new security feature in its online documentation recently.
“The web platform is designed to give you a rich browsing experience using powerful technologies like JavaScript. On the other hand, that power can translate to more exposure when you visit a malicious site,” they write. “With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse.”
The dangers of Just-In-Time JavaScript compilation
The enhanced security mode reduces memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation and applying more OS protections for the browser, including Hardware-enforced Stack Protection and Arbitrary Code Guard.
Johnathan Norman, principal security engineering manager at Microsoft, wrote in a blog post at last year that “JavaScript engine bugs are a mainstay for attackers for a variety of reasons; they provide powerful exploit primitives, there is a steady stream of bugs, and exploitation of these bugs often follows a straightforward template.”
JITs were put into browsers starting 2008 to speed up particular JavaScript tasks by taking loosely typed JavaScript and compiling it to machine code just before it’s needed and is useful in making JavaScript perform better. However, such performance and complexity can result in more security bugs and more patches. Norman points out that turning off JIT can help improve security.
4 hours ago
