First spotted by The Record, Microsoft’s browser vulnerability research team is working on an experimental project that would automatically disable performance or optimization features to prioritize security when a threat is detected. Microsoft details the project in-depth in a blog post, writing, “our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers.” The tech giant explains that Super Duper Secure Mode will work by disabling the JIT in Javascript (known as just-in-time, a compilation that is done during the execution of a code). Microsoft hopes that disabling JIT and enabling other security features like CET (controlflow-enforcement technology) would remove roughly half of the bugs that must be fixed. “By disabling JIT, we can enable both mitigations and make exploitation of security bugs in any renderer process component more difficult,” Microsoft said. “This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers.” Microsoft said it plans to work on this project over the next few months. And while the name of the project is pretty cool, Microsoft said it will eventually change Super Duper Secure Mode to something more professional, if it launches it as a mainstay feature to the Edge browser. In recent years, the tech giant has been prioritizing its Edge browser, and is even shutting down Internet Explorer next year to solely focus on it. Microsoft said the Edge browser has improved compatibility, streamlined productivity, and better browser security than Internet Explorer.
