Microsoft Edge's Super Duper Secure Mode lands in Settings

[harlan4096]

Microsoft unveiled a new security feature called Super Duper Secure Mode in the company's Microsoft Edge web browser about two weeks ago. Super Duper Secure Mode is an experimental feature to make the browsing experience more secure. The name is not final and it is possible that the feature will never land in Microsoft Edge stable.

Microsoft targets the Just In Time (JIT) compiler with the security feature and introduces security mitigations at the same time. Research on JIT shows that it was responsible for nearly 45% of CVEs (Common Vulnerabilities and Exposures) in 2019, and that attacks abuse bugs in the compiler in more than 50% of the cases that are "in the wild".

Disabling JIT would reduce attacks by a significant margin right away, and it would pave the way for security mitigations that cannot be enabled in the browser while JIT is enabled.

Microsoft mentions Controlflow-Enforcement Technology (CET), a "hardware-based exploit mitigation from Intel" and Arbitrary Code Guard (ACG) as two example mitigations that cannot be enabled while JIT is enabled.

With JIT disabled, these exploit mitigation techniques can be enabled, and that is what Microsoft has planed for Super Duper Secure Mode in the company's Edge browser.

Disabling JIT may impact performance. Microsoft notes that most users would probably not notice a difference with JIT disabled, Performance data revealed that the disabling does not always have negative impacts. For page load performance, results varied from a positive 9.5% improvement to a negative 16.9% decrease, depending on the page. Memory use's rage was between 4.6% and -2.3%, and power between 15% and -11.4%.

Managing Super Duper Secure Mode in Microsoft Edge

Microsoft introduced Super Duper Secure Mode as an experimental flag in Edge Canary, Dev and Beta. To enable it, do the following:

1. Load edge://flags/#edge-enable-super-duper-secure-mode.
   
2. Set the experimental flag to Enabled.
   
3. Restart Microsoft Edge.
   

Work on the security mode continues, and it is possible that some features are still missing at this point.

Microsoft added a second experimental flag to Edge recently; this flag, when enabled, enables a preference in the browser's Settings to enable or disable the new security mode from there.

1. Load edge://flags/#edge-saya in the browser's address bar.
   
2. Set the flag to Enabled.
   
3. Restart Microsoft Edge.
   

You find the new preference under Settings > Privacy, search and services > Security.

Closing Words

Super Duper Secure Mode is experimental at this point and there is no guarantee that it will land in Edge Stable. Should it be released, it will be released under a different name.
...

Continue Reading