“By disabling JIT, we can enable both mitigations and make exploitation of security bugs in any renderer process component more difficult,” explained Johnathan Norman, Microsoft Edge Vulnerability Research Lead. “This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers.”
If you want to try out Super Duper Secure Mode, you will need to open Microsoft Edge and go to the edge://flags page. Then type “Super Duper Secure Mode” in the search bar, enable this feature, and finally restart the browser.
However, keep in mind that Super Duper Secure Mode is an experimental feature in Microsoft Edge, and it may break some websites. Norman noted that the company plans to bring this feature to other platforms, including macOS and Android.
In the meantime, Microsoft will keep listening to user feedback to improve Super Duper Secure Mode before making it generally available. “Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value,” Norman said today.