Iqela leMicrosoft Edge Vulnerability Research labhengeza kwiintsuku ezimbalwa ezidlulileyo ukuba ukuzama ngomsebenzi omtsha kwisikhangeli. Uvavanyo kubandakanya ukukhubaza ngabom ingqokelela yeJIT IJavaScript kunye neWebhu yokuHlanganisa, ngaloo ndlela ufumana ukusebenza okuphuculweyo kunye nokuphuculwa kokusebenza ukwenza uhlaziyo lokhuselo oluphambili ngakumbi kwinto ebizwa yinkampani iEdge Super Duper Mode ekhuselekileyo.
Inkampani ichaze oko umbono kukunciphisa umphezulu wohlaselo lokuxhaphaza Iinkqubo zale mihla ezisekwe kwiimpazamo zeJavaScript kwaye zonyusa kakhulu iindleko zokusebenza kwabahlaseli.
UMicrosoft ukhankanya ukuba iChromium, ethi yona isekwe kwiJavaScript V8 injini, injini yemithombo evulekileyo, iza nomqokeleli weJIT odlala indima ebalulekileyo kuzo zonke izikhangeli zewebhu kwaye usebenza ngokuthatha iJavaScript ayenze ikhowudi yomatshini kwangaphambi koko. Ke ukuba isikhangeli siyayifuna le khowudi, iya kukhawulezisa, ukuba ayiyifuni, ikhowudi iyacinywa.
Oko bekutshiwo, abathengisi bebhrawuza bayavuma ukuba inkxaso yeJIT yomqokeleli kwiV8 inzima njengoko bambalwa kakhulu abantu abayiqondayo kwaye inomda ophantsi wempazamo.
Ngokusekwe kwidatha ye-CVE eqokelelwe ukusukela nge-2019, malunga ne-45% yobuthathaka obufunyenwe kwiJavaScript kunye neWebhu yeVenkile yeV8 zazinxulumene nomhlanganisi weJIT, okanye ngaphezulu kwesiqingatha sabo bonke ubungozi kwiChannel.
“Iiwebhusayithi azifuni iJavaScript, eyona nto iyifunayo zizicelo zewebhu ezikwiphepha elinye ezinee-anti-templates njengokukrola okungapheliyo. Ufumana izinto ezimbini njengembuyekezo, i-duper ekhawulezayo yewebhu kunye nesikhangeli sewebhu esikhuselekileyo. Umzekelo, iAmazon ixhasa ukusetyenziswa ngaphandle kweJavaScript. Olunye ulingelo yiStackoverflow, izinto ezinje ngokujonga kuqala kunye nokuqaqambisa azisebenzi. Ukuqaqanjiswa kungongezwa ngekhowudi esecaleni kweseva, kodwa iya kubiza ixesha le-CPU, kwaye ayiloxesha lakho le-CPU. Ngaba lixesha lakho le-CPU? »Sifunde kumagqabantshintshi.
Kungenxa yoko le nto sikhuthazwa zezi ziphumo, Iqela le-Edge liyasebenza ngoku kwinto ebizwa liqela lokwenyani lokwenyani "Imo yoKhuseleko oluKhuselekileyo", Uqwalaselo lweEdge apho ukhubaza khona umhlanganisi weJIT kunye nokwenza ezinye izinto ezintathu zokhuseleko, kubandakanya itekhnoloji ye-Intel's CET (ControlFlow-Enforcing Technology) kunye nenkqubo yeWindows ACG (Arbitrary Code Guard) - izinto ezimbini ezinokuthi ziphikisane nokuphunyezwa kweJIT V8 .
Ngokukhubaza umhlanganisi weJIT, singenza ukuba sinciphise kwaye senze kube nzima ukuxhaphaza iincukuthu zokhuselo nakweliphi na icandelo lenkqubo yokunikezela, ubhale watsho. Oku kuncitshiswa komphezulu wohlaselo kubulala isiqingatha seebugs esizibonayo ekusebenziseni, ibug nganye esele isiya kuba nzima ukuxhaphaza. Ukuyibeka ngenye indlela, sinciphisa iindleko zabasebenzisi, kodwa sonyusa iindleko zabahlaseli. "
Nangona kunjalo, Uvavanyo lweMicrosoft ifumanise ukuba iinguqulelo ze-Edge ngaphandle komhlanganisi weJIT babenophungulo lwe-16,9% ngexesha lokulayisha kwiphepha kunye nokuncitshiswa kwe-2,3% ekusetyenzisweni kwememori. Kodwa olu vavanyo lwalusenziwa kuphela kwaye i-Super Duper Mode ekhuselekileyo (SDSM) ayizukuba yinxalenye yenguqulo esemthethweni yeMicrosoft Edge nangaliphi na ixesha kungekudala.
Nangona kunjalo, abasebenzisi bokukhutshwa kwangaphambili beMicrosoft Edge (kubandakanya iBeta, iDev, kunye neCanary) banokwenza i-SDSM iphele: // iiflegi / # i-edge-enable-super-duper-safe-mode kunye nokwenza inqaku elitsha.
Iindaba ziza kungekudala emva kokuba iMicrosoft Edge ityhile uninzi lwezinto ezintsha onokukhetha kuzo. Ukukhethwa komntu kubasebenzisi, kubandakanya ukubanakho ukutshintsha ungeno olungagqibekanga ngokubhekisele kwimvume yokudlala ngokuzenzekelayo imithombo yeendaba kwisikhangeli, kunye nokukwazi "ukucima" izilumkiso zobume begama eligqithisiweyo lewebhusayithi ethile. Ewe kuluntu, siyayixabisa iinzame zikaMicrosoft zokunciphisa indawo yokuhlaselwa kwabasebenzisi bokugqibela abangakhange bacele yonke iJavaScript ethunyelwa kumaphepha ewebhu namhlanje.
Gqibela ukuba unomdla wokwazi ngakumbi malunga, Ungajonga iinkcukacha kwikhonkco elilandelayo.