In its ‘basic’ – and recommended – configuration, the feature applies “added security protection to the less visited sites”, but “preserves the user experience for the most popular sites on the web”, explained Microsoft.īasic mode does not adapt according to user behavior. The new feature, which is turned off by default, can be enabled as one of three modes. The feature was rolled out in Microsoft Edge version 104, which was released August 5. The Microsoft Edge security team published analysis of the results of its experimentations with the new feature in August 2021 and February 2022. Called Lockdown Mode, this feature is designed to protect journalists, politicians, and human rights activists from spyware.Ĭatch up with the latest browser security news Rival browsers Chrome and Firefox currently lack equivalent features, although can be configured to disable features such as JIT.Īs for Safari, Apple recently announced a new security feature aimed at defending users at potential risk of highly targeted cyber-attacks that also disables JIT and other complex web technologies, unless the user excludes a trusted site. “With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse,” said Redmond.
Microsoft said the provision of a “rich browsing experience using powerful technologies like JavaScript” heightens the risks of visiting malicious sites. RELATED Chromium site isolation bypass allows wide range of attacks on browsers It said these changes provide “defense in depth” by making it harder for malicious sites to leverage unpatched vulnerabilities in order to write to executable code into memory. Microsoft has introduced an optional feature to its Edge browser that applies more stringent security controls when users visit unfamiliar websites.Įnhanced security mode mitigates memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation, while activating additional operating system protections for the browser such as arbitrary code guard and hardware-enforced stack protection, according to Microsoft.
Browser adds defense in depth to prevent abuse of unpatched vulnerabilities
0 kommentar(er)
