What you need to know
- Microsoft Edge Canary now supports Super Duper Secure Mode on macOS.
- Super Duper Secure Mode is an experimental feature that disables the "Just-In-Time-Compilation" engine.
- Microsoft plans to let people control which websites use Super Duper Secure Mode.
Johnathan Norman, the Microsoft Edge vulnerability research lead, shared details about the update on Twitter this week. The new capabilities for Super Duper Secure Mode come with Edge Canary 94.0.992.0+.
Some popular sites such as Youtube and Facebook will have it disabled for now. Our plan is to provide users control over which sites run without SDSM but we still need to implement the logic and figure out a good default.Some popular sites such as Youtube and Facebook will have it disabled for now. Our plan is to provide users control over which sites run without SDSM but we still need to implement the logic and figure out a good default.— Johnathan Norman (@spoofyroot) August 24, 2021August 24, 2021
Norman notes that some sites, such as YouTube and Facebook, disable Super Duper Secure Mode. Microsoft plans to let people pick which sites use the feature in the future.
Super Duper Secure Mode works by disabling the "Just-in-Time-Compilation" (JIT) engine. Using the JIT engine can improve the performance of websites, but it comes at the cost of security.
"Performance and complexity often come at a cost, and often we bear this cost in the form of security bugs and subsequent patches," explains Microsoft. "Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine."
Microsoft found that disabling the JIT engine can reduce vulnerabilities. Super Duper Secure Mode is still in its early testing phases. Microsoft explains that it will likely change to something "more professional" in the future.
Edge Canary now lets people test out Super Duper Secure Mode on macOS. The feature aims to improve security without reducing browser performance.
