Microsoft has announced that it's testing the "Super Duper Secure Mode" on the Edge browser. The new feature aims to improve the browser's security without compromising its performance.
Since the feature is still in its experimental stage, users cannot access it yet on a regular Edge browser. However, they can try it by enabling its flag via edge://flags in Canary, Dev, and Beta. Once enabled, the "Super Duper Secure Mode" will remove the Just-In-Time Compilation (JIT) from the V8 processing pipeline. JIT was introduced to browsers way back in 2008 to speed up specific JavaScript tasks.
According to Microsoft's Vulnerability Research team, hackers favour the vulnerability of the JavaScript engine bugs as "they provide powerful exploit primitives, there is a steady stream of bugs, and exploitation of these bugs often follows a straightforward template". Microsoft listed some common JavaScript engine exploitations such as fake an object, get addroff primitive, and achieve arbitrary write.
Disabling the JIT engine means it would reduce the vulnerability potential of the browser as "it would remove roughly half of the V8 bugs that must be fixed". The team has performed hundreds of performance tests as part of its experiment and claimed, "Anecdotally, we find that users with JIT disabled rarely notice a difference in their daily browsing".
