Chromium-based browsers, for example, Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities.
Intel’s Control-stream Enforcement Technology (CET) is a hardware security feature at first acquainted in 2016 and added with Intel’s 11th generation CPUs in 2020.
The CET feature is intended to protect programs from Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks that change an application’s normal flow so an attacker’s malicious code is executed instead.
“JOP or ROP attacks can be particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behavior,” describes Microsoft’s Baiju V Patel.
These vulnerabilities incorporate attacks that sidestep a browser’s sandbox or perform remote code execution while visiting web sites.
Intel CET is a hardware-based solution that blocks these endeavors by setting off special cases when the natural flow is modified.
Windows 10 supports Intel CET through an implementation called Hardware-authorized Stack Protection.
For Windows applications to support this feature, they should initially be arranged with the/CETCOMPAT linker flag in Visual Studio. When compiled with this flag, a program will be set apart as CET Shadow Stack-compatible and selected into the security protection.
This week, Microsoft Edge vulnerability research lead Johnathan Norman tweeted that Microsoft Edge 90 would support the Intel CET include in non-renderer processes.
Microsoft Edge, which depends on Chromium, uses numerous processes to perform different errands.
In light of Norman’s tweet, Intel CET will be used by the non-renderer processes, for example, the browser, GPU, utility, extension, and plugin processes.
This security feature doesn’t appear to be specific to Microsoft Edge however is going to all Chromium browsers, including Google Chrome, Brave, and Opera.
Mozilla is likewise investigating adding support for Intel CET in Firefox, however there has been no new announcement for their implementation.
Windows 10 clients running Intel 11th generation CPUs or AMD Zen 3 Ryzen CPUs, which likewise support CET, can utilize the Windows Task Manager to check if a process uses the hardware security feature.
To do this, open Task Manager, delve into the Details tab, right-click on a column header, and afterward ‘Select Colums.’
At the point when the ‘Select columns’ dialog opens, scroll to the bottom and put a checkmark in ‘Hardware-enforced Stack Protection.’ Once enabled, this column will show you which processes support the Intel CET security feature.
BleepingComputer doesn’t have any gadgets running 11th generation Intel CPUs to test this feature.
Google Chrome and Microsoft Edge 90 are required to be released on April 13, 2021.
