Skip to main content

This Microsoft Edge update could give users a major security boost

Microsoft Edge
(Image credit: Microsoft)

A significant security upgrade could soon be coming to Microsoft Edge - but it may seem a bit odd.

Microsoft has revealed details of an experiment it carried out with its web browser that disabled some features in order to boost extra security protection.

The aptly-named new "Super Duper Secure Mode" reportedly offers heightened security by disabling a system known as the JavaScript just-in-time (JIT) compiler.

Microsoft Edge security

The trial was revealed in a blog post by Microsoft Edge Vulnerability Research lead Johnathan Norman, who described JIT compiling as a "remarkably complex process that very few people understand and it has a small margin for error".

By disabling the system, which Norman notes could immediately remove half of all security bugs for the V8 JavaScript engine, Microsoft Edge was able to turn on extra protections such as Intel's Control-flow Enforcement Technology (CET) and the Winodws Arbitrary Code Guard (ACG) and Control Flow Guard (CFG).

Both of these systems were incompatible with JIT, but could help protect against a variety of threats, Norman noted - with the results apparently overwhelmingly proving his hypothesis.

"By disabling JIT, we can enable both mitigations and make exploitation of security bugs in any renderer process component more difficult," he wrote.

"This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers."

Users would not see any effect in terms of the browsing experience, despite Microsoft's tests finding that versions of Edge without JIT did show a 16.9% decrease in page load times and 2.3% hit in terms of memory usage.

Norman noted that the experiment was just that for the time being, and Super Duper Secure Mode would not be coming to the official Microsoft Edge release anytime soon.

However anyone wishing to try it out can do so in the Edge Canary, Dev, and Beta modes.

The news comes shortly after Microsoft Edge revealed a range of new customization options for users, including the option to change the default entry on allowing auto playing media in the browser, as well as "un-ignore" password health alerts for a particular website.

Mike Moore

Mike Moore is News & Features Editor across both TechRadar Pro and ITProPortal. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.