Super Duper Secure Mode, the security feature Microsoft Edge is touting


A few days ago the Microsoft Edge Vulnerability Research team announced an experiment with a new feature in the browser. The experiment consists of deliberately disabling the JIT engine for JavaScript and WebAssembly, trading a major optimization and performance feature for the ability to enable new security mitigations in what the company calls Edge Super Duper Secure Mode.

The company explained that the goal is to reduce the attack surface that JavaScript bugs expose to users of modern systems, and to raise the cost of exploitation for attackers.

Microsoft notes that Chromium, which also relies on the open-source V8 JavaScript engine, ships with a JIT compiler that plays an important role in all current web browsers. It works by taking JavaScript and compiling it into machine code ahead of time: if the browser needs that code, execution is sped up; if it does not, the code is discarded.

That said, browser vendors acknowledge that JIT support in V8 is complex, that few people understand it, and that it leaves very little margin for error.

According to CVE data collected since 2019, about 45% of the vulnerabilities found in the V8 JavaScript and WebAssembly engine are related to the JIT compiler, or more than half of all vulnerabilities in Chrome.

"Web pages don't need JavaScript; what really needs it is single-page web applications with flashy features like infinite scrolling. You get two things in return: a much faster web and a more secure web. For example, Amazon is well supported and usable without JavaScript. Another test is Stackoverflow, where things like preview and highlighting don't work. Highlighting could be added with server-side code, but that would cost CPU time, and not your CPU time. Or is it your CPU time?" we read in the comments.

Encouraged by these results, the Edge team is currently working on what the team candidly calls "Super Duper Secure Mode": an Edge configuration in which the JIT compiler is disabled and three other security features are enabled, including Intel's CET (Control-flow Enforcement Technology) and Windows ACG (Arbitrary Code Guard), two features that would normally conflict with V8's JIT implementation.

"By disabling the JIT engine, we can enable mitigations and make it harder to exploit security bugs in any component of the renderer process," he said. "This reduction in attack surface kills half of the bugs we see in exploits, and every remaining bug becomes harder to exploit. In other words, we lower costs for users but raise costs for attackers."

However, Microsoft's tests found that Edge builds without the JIT compiler showed a 16.9% decline in page load times and a 2.3% decline in memory usage. This test was only an experiment, though, and Super Duper Secure Mode (SDSM) will not be part of a Microsoft Edge release any time soon.

However, users of pre-release versions of Microsoft Edge (including Beta, Dev, and Canary) can enable SDSM at edge://flags/#edge-enable-super-duper-secure-mode and turn on the new feature.

The news comes shortly after Microsoft Edge unveiled a batch of new customization options for users, including the ability to change the default permission setting for media autoplay in the browser, as well as the ability to "turn off" password health alerts for a specific website. In any case, within the community we appreciate Microsoft's efforts to reduce the attack surface for end users who, a priori, did not ask for all the JavaScript that ships on web pages today.

Finally, if you are interested in learning more, you can check the details at the following link.

