Google Chrome and Microsoft Edge are getting a major security update from Intel

Google Chrome
(Image credit: Shutterstpck)
Audio player loading…

Chromium web browsers, including Google Chrome (opens in new tab) and Microsoft Edge, will soon gain valuable security support from Intel. Both browsers will benefit from Intel Control-flow Enforcement Technology (CET) protection, providing they are running on devices powered by Intel’s 11th generation CPUs.

The CET security feature prevents exploits from hijacking an application’s usual control-flow transfer instructions, which is a method sometimes employed by attackers to inject malicious code. In particular, CET should protect against Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks.

“JOP or ROP attacks can be particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behavior,” Baiju V Patel, Security Fellow, Client Computing Group. Intel explains (opens in new tab). “What makes it hard to detect or prevent ROP/JOP is the fact that an attacker uses existing code running from executable memory. Many software-based detection and prevention techniques have been developed and deployed with limited success.”

Reinforcing defenses

However, because Intel CET is a hardware-based security solution (opens in new tab), only Chromium browsers running on devices with 11th generation Intel CPUs, which were released last year, will have access to this feature.

Windows 10 (opens in new tab) users can check if their device is making use of Intel CET by activating Task Manager, clicking on the "Details" tab, and choosing "Select Columns". By ticking “Hardware-enforced Stack Protection, individuals will be able to see which processes support the Intel CET feature. Hardware-enforced Stack Protection is the name of the implementation that Windows 10 devices (opens in new tab) use to support Intel CET.

Web browsers have to be increasingly careful against cyberattacks, with fake extensions (opens in new tab), in particular, proving to be a popular method of infecting victims with malicious code. In addition to Chromium browsers, Mozilla has also confirmed that it is exploring ways of adding support for Intel CET in Firefox.

Via Bleeping Computer (opens in new tab)

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.