From 801752378beed7a4e76094c7b682b81a9956716f Mon Sep 17 00:00:00 2001 From: yokoffing <11689349+yokoffing@users.noreply.github.com> Date: Mon, 20 Apr 2026 16:49:29 -0400 Subject: [PATCH] Updated Optional Hardening (markdown) --- Optional-Hardening.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/Optional-Hardening.md b/Optional-Hardening.md index d9ef1f1..a2a5201 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md @@ -242,12 +242,19 @@ user_pref("browser.eme.ui.enabled", false); *** -### JIT Optimization -#### How JavaScript Compilers Work +### JavaScript Optimization +#### How compiler optimization works Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface). + +
+ +read more + 1. **Interpreter**: reads the code line-by-line. It is the safest but slowest. -2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple machine code. It provides a good speed boost without complex logic that is easily exploitable. -3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions (e.g., "this variable is always an integer"). This is where the massive speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation). +2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It provides a good speed boost without complex logic that is easily exploitable. +3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions. This is where most speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. 
Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation). + +
#### Disable JIT optimization When you disable [V8 Optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter). @@ -273,6 +280,9 @@ user_pref("javascript.options.wasm_optimizingjit", false); #### Disable WASM +> [!WARNING] +> Some apps and websites will malfunction if you disable WASM. + In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization. If you disable WASM in Firefox, you might see similar breakage on sites that rely on it.
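Review bot: renaming `### JIT Optimization` to `### JavaScript Optimization` in the first hunk changes the rendered heading anchor (`#jit-optimization` becomes `#javascript-optimization`), so any existing links into this section from the README or other wiki pages need updating, and the sub-heading `#### Disable JIT optimization` now sits under a heading that no longer uses the term "JIT". Two smaller points in the same hunk: the baseline-tier line now reads "Compiles code that runs frequently into simple code", which drops "machine code" from the original and is less precise (the baseline tier still emits unoptimized machine code, so "simple machine code" was the better wording); and the "Roughly half ..." sentence was moved onto its own line directly under item 3 with no blank line or indentation, so Markdown renders it as a continuation of that list item rather than as the separate paragraph the split suggests.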
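Review bot: the new `> [!WARNING]` alert in the second hunk duplicates the paragraph immediately below it, which already states that Edge "is more likely to break websites because it disables WASM entirely" and that Firefox users "might see similar breakage on sites that rely on it". Either drop that closing sentence or make the alert carry something the paragraph does not, so the same caveat is not stated twice within four lines. Note also that `[!WARNING]` is GitHub-flavoured alert syntax; on renderers that do not support it the line appears as an ordinary blockquote containing the literal text `[!WARNING]`, which is fine for this wiki but worth knowing if the page is mirrored elsewhere.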