Microsoft Edge deepens defenses against malicious websites with enhanced security mode

Microsoft has introduced an optional feature to its Edge browser that applies more stringent security controls when users visit unfamiliar websites.

Enhanced security mode mitigates memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation, while activating additional operating system protections for the browser such as arbitrary code guard and hardware-enforced stack protection, according to Microsoft.

It said these changes provide “defense in depth” by making it harder for malicious sites to leverage unpatched vulnerabilities to write executable code into memory.

Microsoft said the provision of a “rich browsing experience using powerful technologies like JavaScript” heightens the risks of visiting malicious sites. “With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse,” said Redmond.

First of its kind

Rival browsers Chrome and Firefox currently lack equivalent features, although they can be configured to disable features such as JIT.

As for Safari, Apple recently announced a new security feature aimed at defending users at potential risk of highly targeted cyber-attacks that also disables JIT and other complex web technologies, unless the user excludes a trusted site. Called Lockdown Mode, this feature is designed to protect journalists, politicians, and human rights activists from spyware.

The Microsoft Edge security team published analyses of the results of its experiments with the new feature in August 2021 and February 2022.

The feature was rolled out in Microsoft Edge version 104, which was released August 5.

Three levels of security

The new feature, which is turned off by default, can be enabled as one of three modes.

In its ‘basic’ – and recommended – configuration, the feature applies “added security protection to the less visited sites”, but “preserves the user experience for the most popular sites on the web”, explained Microsoft.

Basic mode does not adapt according to user behavior. By contrast, ‘balanced’ mode “builds on user’s behavior on a particular device, and Microsoft’s understanding of risk across the web to give sites that users are most likely to use and trust full access to the web platform, while limiting what new and unfamiliar sites can do”.

Finally, the ‘strict’ setting applies enhanced safeguards universally against all sites. It isn’t recommended for most end users because of the additional configuration required for users “to complete their normal tasks”.

In all three modes, users can create exceptions for trusted websites, with enterprise admins able to create ‘allow’ and ‘deny’ lists.

Sites that use WebAssembly (WASM), a binary instruction format for stack-based virtual machines, are not currently supported by the feature. Sites that need WASM can be added to the exception site list.
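
For administrators, the allow and deny lists and the WASM caveat above can be checked before a policy is deployed. The following is an added example, not code from Microsoft or from the original article: the policy names and the 0/1/2 mode values are taken from Microsoft's Edge policy reference rather than from this page, and the sample domains and the `wasm_sites` inventory are constructed.

```python
import json

# Edge policy names: from Microsoft's policy reference, not from this article.
MODE = "EnhanceSecurityMode"                        # 0 = off, 1 = balanced, 2 = strict
BYPASS = "EnhanceSecurityModeBypassListDomains"     # 'allow' list: mode not applied
ENFORCE = "EnhanceSecurityModeEnforceListDomains"   # 'deny' list: mode always applied
KNOWN_MODES = {0: "off", 1: "balanced", 2: "strict"}


def audit_policy(policy_json, wasm_sites=()):
    """Return a list of findings for one Edge policy document (JSON text)."""
    policy = json.loads(policy_json)
    findings = []

    mode = policy.get(MODE, 0)  # the feature is off unless a mode is set
    if mode not in KNOWN_MODES:
        findings.append(f"{MODE}={mode!r} is not covered by this check, review manually")
    elif mode == 0:
        findings.append("enhanced security mode is off")

    bypass = {d.lower() for d in policy.get(BYPASS, [])}
    enforce = {d.lower() for d in policy.get(ENFORCE, [])}
    wasm = {d.lower() for d in wasm_sites}

    # A domain on both lists has an ambiguous outcome; make the admin choose.
    for domain in sorted(bypass & enforce):
        findings.append(f"{domain} is on both the allow and deny lists")

    # Per the article, WASM sites are unsupported under the mode and need an exception.
    if mode == 2:
        for site in sorted(wasm - bypass):
            findings.append(f"{site} needs WASM but has no exception under strict mode")
    for site in sorted(wasm & enforce - bypass):
        findings.append(f"{site} needs WASM but is on the deny list")
    return findings


# Constructed sample policy and WASM inventory (hypothetical domains).
SAMPLE_POLICY = json.dumps({
    MODE: 2,
    BYPASS: ["intranet.example", "Shared.example"],
    ENFORCE: ["shared.example", "unknown-vendor.example"],
})
SAMPLE_WASM_SITES = ["cad.example", "intranet.example"]

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, SAMPLE_WASM_SITES):
        print("FINDING:", finding)
```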

An ‘added security’ banner appears in the URL navigation bar when enhanced security mode is activated for a particular site.


Source: https://portswigger.net/daily-swig/microsoft-edge-deepens-defenses-against-malicious-websites-with-enhanced-security-mode
