Microsoft's browser vulnerability team is currently working on a mode that will make Edge browser safer. (via The Record). Although the mode is still experimental, it could make it more difficult for attackers to exploit Microsoft's browser bugs by disabling certain optimizations.The mode disables Edges jаvascript engine's feature that speeds up websites' code. This makes the browser super secure. Just-In-Time compilation, or JIT, is a technology that can improve performance but it's also extremely complex. This allows bugs to easily slip in, which can lead security exploits. Microsoft points out that Mozilla's analysis showed that JIT was responsible for over half the Chrome exploits that were discovered since 2018.This video will give you a good overview of Just-In-Time for jаvascript if you have programming skills.There are some concerns about the possibility that technology used to speed up large parts of websites could be disabled. Although the blog post mentions that jаvascript benchmark scores can be significantly lower if JIT is disabled, the team claims that people don't notice any difference in real life.At least I can back it up. I enabled Super Duper Secure Mode on my own computer (if you are running Edge test, you can use a flag to enable the mode), and I have not noticed any websites feeling slow. It is possible to notice a difference in your web usage if you use complex webapps. Microsoft does mention that it is looking at making the mode smarter by having it turn protections off or on based on how resource-intensive it may be.Although the experimental mode is still in its early stages, there are some things that the team would like to make possible. It doesn't work on all Edge platforms and there are technical hurdles to overcome before the feature launches. This is exciting work, though, since Edge is built on Chromium and uses the same jаvascript engine as Chrome. If the Edge feature is successful, it's possible that other browsers will adopt the feature.Johnathan Norman, vulnerability researcher, says the name is Tesla-esque. This is partly because it would be difficult to explain how super secure something is to lawyers. Microsoft could still make it work without exposing additional liability. While people may be upset if they fall victim to exploits in Super Duper Secure Mode, it would provide some welcome joy to the browser.
