Microsoft Edge Vulnerability Research Team yakazivisa mazuva mashoma apfuura izvozvo kuyedza nebasa nyowani mubrowser. Kuedza inosanganisira nemaune kuremadza iyo JIT compiler JavaScript uye WebAssembly, nekudaro iwe unowana hukuru hwekugadzirisa uye kugadzirisa kuita kugonesa mamwe epamberi ekuchengetedza ekuvandudzwa mune izvo zvinodaidzwa nekambani Edge Super Duper Yakachengeteka Mamiriro.
Iyo kambani yakatsanangura izvo zano ndere kudzora kurwisa pamusoro pezviitwa emazuva ano masisitimu ayo akavakirwa paJavaScript zvikanganiso uye anoshamisa kuwedzera mutengo wekushanda kwevanorwisa.
Microsoft inotaura kuti Chromium, iyo inoenderana neiyo JavaScript V8 injini, yakavhurwa sosi injini, inouya neJIT compiler iyo inoita basa rakakosha mune ese aripo mabhurawuza ewebhu uye inoshanda nekutora JavaScript nekuinyora ikaita muchina kodhi pamberi. nayo kana bhurawuza ichida kodhi iyi, ichawedzeredzwa, kana isingade, kodhi yacho inobviswa.
Izvo zvataurwa, vatengesi vebrowser vanobvuma kuti JIT compiler rutsigiro muV8 yakaoma sezvo vashoma kwazvo vanhu vanoinzwisisa uye ine yakaderera marginal yekukanganisa.
Zvichienderana neCVE dhata yakaunganidzwa kubvira 2019, ingangoita 45% yekushomeka kunowanikwa muJavaScript injini uye WebAssembly V8 yaive yakabatana neyeJIT compiler, kana inopfuura hafu yezvose zvinokuvadzwa muChannel.
“Mawebhusaiti haadi JavaScript, chinonyatsoda iwo mapeji ewebhu ega ega nema anti-templates senge kusapeta kusingaperi. Iwe unowana zvinhu zviviri mukudzoka, iyo super duper inokurumidza webhu uye yakachengeteka zvakanyanya yewebhu browser. Semuenzaniso, Amazon inonyatsotsigira inoshandisa pasina JavaScript. Imwe bvunzo ndeye Stackoverflow, zvinhu zvakaita sekufanoona uye kujekesa hazvishande. Iko kusimudzira kunogona kuwedzerwa ne server-parutivi kodhi, asi zvinoda mari CPU nguva, uye haisi yako CPU nguva. Inguva yako CPU here? »Takaverenga mune zvakataurwa.
Ndokusaka uchikurudzirwa nemhedzisiro iyi, iyo timu yeEdge irikushanda parizvino mune izvo chaicho timu chaiyo inodaidza "Super Duper Yakachengeteka Mamiriro", Kugadziriswa kweEdge maunoremadza compiler yeJIT uye kugonesa zvimwe zvinhu zvitatu zvekuchengetedza, zvinosanganisira Intel's CET (ControlFlow-Enforcing Technology) tekinoroji uye Windows ACG (Arbitrary Code Guard) maitiro - maviri maficha anowanzo kupokana nekuitwa kweJIT V8 .
"Nekuremadza iyo JIT compiler, isu tinokwanisa kugonesa kudzikisira uye nekuita kuti zvinyanye kuomarara kushandisa tsikidzi tsikidzi mune chero chinhu chekushandura kwacho," akanyora kudaro. Uku kuderedzwa kwekurwisa pamusoro kunouraya hafu yemabhugi atinoona mukushandisa, uye yega yega inosara bug ichiva yakaoma kushandisa. Kuzviisa neimwe nzira, tiri kudzikisira vashandisi mitengo, asi tichiwedzera mari yevanorwisa. "
Zvisinei, Kuedzwa kweMicrosoft vakawana kuti Edge shanduro vasina muunganidzi weJIT vaive ne16,9% kudzikiswa munguva yekutakura ye peji uye kuderedzwa kwe2,3% mukushandisa ndangariro. Asi kuyedza uku kwaingova kwekuedza uye Super Duper Yakachengeteka Mode (SDSM) haizove chikamu cheiyo yepamutemo vhezheni yeMicrosoft Edge chero nguva munguva pfupi.
Nekudaro, pre-kusunungura vashandisi veMicrosoft Edge (inosanganisira Beta, Dev, uye Canary) inogona kugonesa SDSM kumucheto: // mireza / # kumucheto-gonesa-super-duper-yakachengeteka-modhi uye kugonesa iyo nyowani ficha.
Nhau idzi dzinouya nguva pfupi yapfuura mushure mekunge Microsoft Edge yaburitsa huwandu hwesarudzo nyowani. Sarudzo dzekushandura dzevashandisi, kusanganisira kugona kushandura iyo yekupinda yekuita maererano nemvumo yekuvhura midhiya mubrowser, pamwe nekugona "kudzima" password mamiriro ezvewebsite. Ehezve, munharaunda, tinoonga kuedza kweMicrosoft kudzikisa nzvimbo yekurwisa yevashandisi vekupedzisira avo priori vasina kukumbira JavaScript yese inotumirwa pamapeji ewebhu nhasi.
Finalmente kana iwe uchifarira kuziva zvakawanda nezve, Unogona kutarisa ruzivo mune inotevera chinongedzo.