You can now try Microsoft Edge’s “Super Duper Secure Mode”

Improving user security without affecting performance

The new mode is supposed to improve browser's security without limiting its performance

Microsoft Edge is an internet browser that replaced Internet Explorer, which ran slower and had other issues. Now Chromium-based Edge will let users test a new Super Duper Secure Mode (SDSM) meant to improve security by reducing the attack surface hackers can use without creating any slowdowns.

The new browser mode removes the Just-In-Time Compilation (JIT) from the V8 processing pipeline – an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers. It is designed to reduce the attack surface hackers can use to breach Edge. Besides making the JIT disabled, SDSM enables new security mitigations to make Edge a more secure browser.

About 45% of all vulnerabilities in V8 JavaScript are related to the JIT^[1] engine. Johnathan Norman, Microsoft Edge Vulnerability Research Lead, said:

This reduction of attack surface has potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed

Right now, when enabled, Super Duper Secure Mode disables JIT and enables Control-flow Enforcement Technology^[2] (CET), which is an Intel hardware-based exploit mitigation. In the future, Microsoft also wants to add support for Arbitrary Code Guard^[3] (ACG), additional security mitigation that would prevent loading malicious code into memory, a method used by most attackers targeting web browsers.

Although JavaScript plays a huge part in optimizing search engine performance, Microsoft browser researchers noted in their August 4 blog post about SDSM that they do not see much change in performance with JIT disabled. Microsoft is pretty clear that this is just a test, so do not rush to conclusions just yet.

You can try Super Duper Secure Mode in Edge Beta, Dev, or Canary

According to Microsoft, you should not experience any prominent performance drops, but keep in mind this is still an experimental mode. It is inevitable for some issues to pop up, so try it for yourself and see what happens.

If you have any of the Microsoft Edge preview releases – Beta, Dev, or Canary – installed, just type in the following in your Microsoft Edge address bar and switch on the new browser mode:

edge://flags/#edge-enable-super-duper-secure-mode

A new version of Chromium-based browser

Microsoft also released version 92 of its Edge browser not too long ago, on July 22. This new version comes with a number of new features which makes Microsoft Edge now even more attractive.

One new function is that the browser will help users avoid using the same password for multiple accounts and websites and tell them if their password is strong enough – it is called the Password Health Dashboard. Microsoft already had a Password Monitor feature before, meant to detect if the information users saved in autofill ended up on the Dark Web^[4] and the ability to auto-generate safe passwords. Saved credentials in auto-fill are also available to be transferred into other browsers and devices when using Edge on Mobile. This will make logging into mobile apps easier and faster.

It is no surprise why Microsoft keeps releasing updates and new features for its browser. The company wants to make Microsoft Edge the most secure search engine by adapting to attackers' improving tactics. The final goal is to eliminate entire classes of attacks. And the new SDSM is thought to be the most impactful improvement in attack surface area reduction and architectural change.

Microsoft's Windows Defender Application Guard provides an additional hardware isolation-level capability on top of Microsoft Edge’s formidable exploit mitigation and sandbox features, because of this, Microsoft Edge calls itself the most secure browser for enterprises.