Google Chrome Bolsters Security by Enabling New Exploit Protection Feature



Google Chrome has enhanced user data security by enabling hardware-enforced stack protection technology that was first adopted on Windows 10 last year. The enhanced security on the browser can help restrict attackers from exploiting security bugs on the system. The hardware-enforced stack protection technology works with computers based on Windows 20H1 (December Update) or later, running on processors with Control-flow Enforcement Technology (CET) such as AMD Zen 3 Ryzen and 11th-generation Intel CPUs. It is also a part of Chrome 90, the browser version that Google released last month.

Although Google Chrome already has a multi-process architecture that reduces the severity of a bug, stack protection is designed to further enhance security by using the CET chip security extension. This enables the CPU to maintain a shadow stack along with the existing stack that cannot be directly manipulated by normal program code.

The stack protection technology is designed to provide security against exploitation techniques such as Return-Oriented Programming (ROP) and Jump Oriented Programming (JOP). Both these techniques are often used by attackers to gain access to a system by executing malicious code through a browser. The technology may allow an attacker to execute a small fragment of their code but is crafted to stop them when they try to run the malicious code fully.

Having said that, Google does acknowledge that stack protection can be bypassed in some contexts. It is, thus, working to bring another Windows-focussed technology called Control Flow Guard (CFG) that further reduces the scope of getting exploited by attackers.

If you have a Windows 10 system with CET-compatible CPU, you can check if Chrome is using the hardware-enforced protection through Windows Task Manager. It can be viewed by going to Details > Select Columns and enabling the Hardware-enforced Stack Protection option from the Task Manager application.

Similar to Google’s efforts, Microsoft in February enabled support for Intel’s CET within Edge 90 (Canary). Mozilla is also working on enabling CET support to offer the same hardware protection on its Firefox browser.


We dive into all things Apple — iPad Pro, iMac, Apple TV 4K, and AirTag — this week on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.


Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips.
More

Sony May Have Discontinued Its A-Mount DSLR Cameras, E-Commerce Listing Suggests

Related Stories







Source link

https://www.cupbord.com/google-chrome-bolsters-security-by-enabling-new-exploit-protection-feature/

Comments

Popular posts from this blog

Biden inauguration prayers: O’Donovan and Beaman represent the new president’s priorities

تحاور الحكومة الصينية فى أكثر من 45000 تطبيق من متجرها Apple بسبب اللوائح

قد يبدأ الفيسبوك Facebook في مراقبة سلوكيات الممثلين السيئين من خلال النظام الأساسي المخفي القائم على الروبوت