mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30

Updated Optional Hardening (markdown)

yokoffing
2026-04-20 16:49:29 -04:00
parent 3665f2ebab
commit 801752378b
+14 -4
@@ -242,12 +242,19 @@ user_pref("browser.eme.ui.enabled", false);
*** ***
### JIT Optimization ### JavaScript Optimization
#### How JavaScript Compilers Work #### How compiler optimization works
Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface). Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface).
<details>
<summary>read more</summary>
1. **Interpreter**: reads the code line-by-line. It is the safest but slowest. 1. **Interpreter**: reads the code line-by-line. It is the safest but slowest.
2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple machine code. It provides a good speed boost without complex logic that is easily exploitable. 2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It provides a good speed boost without complex logic that is easily exploitable.
3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions (e.g., "this variable is always an integer"). This is where the massive speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation). 3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions. This is where most speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation).
</details>
#### Disable JIT optimization #### Disable JIT optimization
When you disable [V8 Optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter). When you disable [V8 Optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter).
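Review bot: In list item 2, changing "simple machine code" to "simple code" drops the one word that distinguishes the Baseline JIT from the interpreter in item 1; keep "machine code" (or say "unoptimized machine code"). In item 3, removing the example `(e.g., "this variable is always an integer")` leaves "assumptions" undefined, although those type assumptions are the reason the paragraph gives for the larger attack surface, so a short example is worth keeping inside the collapsed section. Renaming the headings to "JavaScript Optimization" and "How compiler optimization works" also changes their generated anchors, so any existing links to the old heading anchors need updating, and the next heading still reads "Disable JIT optimization", which no longer matches the parent section's wording.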
@@ -273,6 +280,9 @@ user_pref("javascript.options.wasm_optimizingjit", false);
#### Disable WASM #### Disable WASM
> [!WARNING]
> Some apps and websites will malfunction if you disable WASM.
In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization. In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization.
If you disable WASM in Firefox, you might see similar breakage on sites that rely on it. If you disable WASM in Firefox, you might see similar breakage on sites that rely on it.
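Review bot: The new `[!WARNING]` callout under "Disable WASM" repeats the section's closing sentence with a different strength: the callout says sites "will malfunction", while the existing line says you "might see similar breakage on sites that rely on it". Pick one wording and fold the two together, for example by moving the Firefox sentence into the callout. The callout should also name the preference it warns about, since the only pref visible in this hunk's context is `javascript.options.wasm_optimizingjit`, which limits the optimizing tier rather than turning WASM off.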