After their successful Surface Event in September and the launch of their affordable Surface Laptop SE, Microsoft is bringing about other changes. In the latest version of the Edge browser, Microsoft has introduced a ‘Super Duper Secure Mode,’ which provides users with increased protection against common vulnerabilities. Edge’s vulnerability research lead, Johnathan Norman, first mentioned the feature in a blog post in August. On November 22, Norman revealed that the feature had been “secretly” rolled out in the latest version, 96.0.1054.29.
It works by disabling the Just-In-Time component in V8, which has been linked to a large number of security vulnerabilities in recent years, Super Duper Secure Mode – also known as SDSM – helps to mitigate against browser attacks. The Chromium Project developed V8 as an open-source JavaScript engine for Google Chrome and the Chromium web browser (the code base for recent versions of Edge). This issue is caused in part by a technology called Just-In-Time (JIT) compilation, which was introduced in 2008 and was used to speed up specific JavaScript tasks. JIT enabled-engines effectively combine loosely typed JavaScript to machine code, right before it is needed. This is also known as speculative optimization. The JavaScript code is optimized through a series of complex processing pipelines which delivers significant performance gains. According to Norman, JavaScript engines are “a remarkably difficult security challenge for browsers,”. This technology allows engines to convert JavaScript into machine code right before it is executed, resulting in significant speed and usability gains but security losses. Although Norman claims that developers are willing to accept this cost because users want their browsers to be “fast”. JIT engines are frequently found to be vulnerable to security bugs.
Also Read: All you need to know about Microsoft’s Surface event
The level of additional protection the user receives is determined by one of two configurations: Balanced or Strict. The most significant difference is that the Balanced mode learns which websites the user visits frequently and relaxes restrictions on those domains, whereas the Strict mode applies restrictions to all websites, which may cause some elements to stop working properly in sites that use an extensive amount of JavaScripts. Users can also manually create exceptions for websites that they want to be exempt from the additional security measures. Super Duper Secure Mode can be enabled in the Edge settings menu at the bottom of the Privacy tab.
Image credits: Microsoft