Microsoft Edge has added a new feature to the Beta channel that will mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities.
The new capability is part of a new browsing mode designed to focus on the Microsoft Edge’s security while navigating the web.
“This feature is a huge step forward because it lets us mitigate unforeseen active zero days (based on historical trends),” Microsoft explains.
“When turned on, this feature brings Hardware-enforced Stack Protection, Arbitrary Code Guard (ACG), and Content Flow Guard (CFG) as supporting security mitigations to increase users’ security on the web.”
Microsoft has included this extra layer of protection against zero-day bugs exploited in the wild with the release of version 98.0.1108.23 to the Microsoft Edge Beta Channel.
To help protect end-users from zero-day exploits, administrators can apply the EnhanceSecurityMode, EnhanceSecurityModeBypassListDomains, EnhanceSecurityModeEnforceListDomains to Windows, macOS, and Linux desktops.
“These policies also make that important sites and line of business applications continue to work as expected,” Microsoft added.
In the release notes for the latest Microsoft Edge Beta version, Microsoft also mentions the addition of a custom primary password that will allow users to add an extra authentication step before saved passwords are auto-filled in web forms.
Edge and the Super Duper Secure Mode
Microsoft also added a Super Duper Secure Mode to the Edge Stable channel for security improvements without significant performance losses in November.
Super Duper Mode removes Just-In-Time Compilation (JIT) from Edge’s V8 processing pipeline, drastically reducing the attack surface hackers can exploit to hack into users’ systems.
“This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers,” Johnathan Norman, Microsoft Edge Vulnerability Research Lead, explained.
When enabled, it also toggles on Intel’s Control-flow Enforcement Technology (CET), a hardware-based exploit mitigation that provides a more secure web browsing experience.
Microsoft also announced their goal to include support for Arbitrary Code Guard (ACG) to the Super Duper Secure Mode, another security mitigation that blocks attackers from loading malicious code into memory, a technique used by most web browser exploits.
Source: www.bleepingcomputer.com