Microsoft is developing a new feature called ‘Super Duper Secure Mode,’ which will improve the security of its Edge browser.
Certain optimizations will be disabled in the new mode, preventing hackers from exploiting browser flaws.
Microsoft said in a blog post “It will take some time, but we hope to have CET, ACG, and CFG protection in the renderer process. Once that is complete, we hope to find a way to enable these mitigations intelligently based on risk and empower users to balance the tradeoffs,”
The setting disables a function of Edge’s JavaScript engine that speeds up the execution of website code.
Microsoft added “This is, of course, just an experiment; things are subject to change, and we have quite a few technical challenges to overcome. Also, our tongue-in-cheek name will likely need to change to something more professional when we launch as a feature,”
Microsoft revealed that it intends to build something that changes the modern exploit landscape and greatly increases the cost of exploitation for attackers.
Microsoft said “Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value,”
For a variety of reasons, JavaScript engine bugs are a favourite for attackers as they provide powerful exploit primitives, there is a steady stream of bugs, and exploitation of these bugs frequently follows a simple template.