Microsoft Edge has added new security functionality to its upcoming beta version, promising security against unknown zero-day vulnerabilities that malicious actors could be exploiting to distribute malware, ransomware, or other nasties.
According to the browser patch release notes, admins will be able to apply the following Group Policies to end-user desktops in Windows, macOS, as well as Linux: EnhanceSecurityMode, EnhanceSecurityModeBypassListDomains, and EnhanceSecurityModeEnforceListDomains.
When turned on, the policies bring Hardware-enforced Stack Protection, Arbitrary Code Guard (ACG), and Control Flow Guard (CFG) as supporting security mitigations, Microsoft explained.
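One way to review a deployment of the three policies named above, as an added example that is not from Microsoft or the original article: a Python check over a managed-policy JSON document. The integer meanings of EnhanceSecurityMode (0 standard, 1 balanced, 2 strict) are an assumption based on Microsoft's policy documentation, and the sample domains are constructed.

```python
import json

# Policy names come from the article. The integer meanings are an assumption
# based on Microsoft's Edge policy documentation, not on the article itself.
MODES = {0: "standard (enhanced security off)", 1: "balanced", 2: "strict"}
BYPASS = "EnhanceSecurityModeBypassListDomains"
ENFORCE = "EnhanceSecurityModeEnforceListDomains"

def domain_set(policy, name, findings):
    """Return the policy's domain list as a normalised set, recording type errors."""
    value = policy.get(name, [])
    if not isinstance(value, list) or not all(isinstance(d, str) for d in value):
        findings.append(f"{name}: expected a list of strings")
        return set()
    return {d.strip().lower() for d in value}

def audit_policy(policy):
    """Return review findings for one managed-policy dictionary."""
    findings = []
    mode = policy.get("EnhanceSecurityMode")
    if mode is None:
        findings.append("EnhanceSecurityMode: not configured")
    elif isinstance(mode, bool) or not isinstance(mode, int) or mode not in MODES:
        findings.append(f"EnhanceSecurityMode: unexpected value {mode!r}")
    elif mode == 0:
        findings.append("EnhanceSecurityMode: 0 leaves the mitigations off by default")
    bypass = domain_set(policy, BYPASS, findings)
    enforce = domain_set(policy, ENFORCE, findings)
    # A domain in both lists is contradictory; a bypass entry is a standing exemption.
    for domain in sorted(bypass & enforce):
        findings.append(f"{domain}: listed in both bypass and enforce lists")
    for domain in sorted(bypass - enforce):
        findings.append(f"{domain}: exempt from the mitigations, confirm it is still needed")
    return findings

# Constructed sample policy content (not from the article).
SAMPLE = json.loads("""
{
  "EnhanceSecurityMode": 1,
  "EnhanceSecurityModeBypassListDomains": ["legacy-erp.example.com", "Intranet.example.com"],
  "EnhanceSecurityModeEnforceListDomains": ["intranet.example.com", "mail.example.com"]
}
""")

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(finding)
```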
“These policies also make sure that important sites and line of business applications continue to work as expected,” the company claims. “This feature is a huge step forward because it lets us mitigate unforeseen active zero days (based on historical trends).”
This additional level of protection against unknown zero-days has been added to version 98.0.1108.23 of Edge Beta.
Auto-fill password protection
Microsoft also said it’s tweaking the way the browser auto-fills passwords. As things stand now, the browser already lets users add an extra password, which they need to enter before the browser will auto-fill other password fields. With the new feature, called Custom Primary Passwords, users will be able to authenticate themselves once and have their saved passwords auto-filled into web forms.
On top of that, the company added the Super Duper Secure Mode to the Edge Stable channel, BleepingComputer reports. This feature removes Just-In-Time Compilation (JIT) from Edge’s V8 processing pipeline, “drastically reducing” the attack surface.
“This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers,” the publication quotes Johnathan Norman, Microsoft Edge Vulnerability Research Lead, as saying.
The company aims to have the Super Duper Secure Mode support Arbitrary Code Guard.