microsoftedge.github[.]io/edgevr/posts/Super-Duper-Secure-Mode/
The majority of browser security vulnerabilities that are being discovered [all too frequently] use the JavaScript JIT [Just In Time] compiler - wikipedia[.]org/wiki/Just-in-time_compilation - so Microsoft & Google are experimenting with turning JIT off. Microsoft calls it Super Duper Secure Mode, and it just made the transition from the Edge Beta to Stable versions. The option appears in Edge's settings menu, under Privacy... where you can turn it on/off, and choose between two modes, balanced, which will let JIT run for most commonly visited sites, turning it off elsewhere, and a stricter mode that just turns it off period. You can also add sites to an exception list.
So, are the performance gains provided by JIT worth the resulting security bugs, updates, and foregone security mitigations? The answer to that question is dependent on several factors. Are you viewing a blog or playing a game online? Are you visiting a trusted or untrusted site? As we continue our journey with this experiment, we will look to explore these factors and the impacts they can have on our users.
This is of course just an experiment; things are subject to change, and we have quite a few technical challenges to overcome. Also, our tongue-in-cheek name will likely need to change to something more professional when we launch as a feature. For now, we are going to continue having fun with it.If you decide to test the feature, please send us your feedback through the Feedback menu in Microsoft Edge. We are eager to hear about your experience.