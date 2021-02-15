Internet browsers are extremely popular software, so it is essential that they receive additional protections regularly. The latest initiative in this regard comes from Intel: a security technology called Intel Control-flow Enforcement (CET) will soon be supported by browsers based on Chromium, like the Google Chrome It’s from Microsoft Edge.

The CET was introduced by Intel in 2016 and incorporated into the company’s processors as of 2020. It is a technology implemented in hardware that aims to mitigate attacks based on at least two techniques: ROP (Return Oriented Programming) JOP (Jump Oriented Programming).

Basically, attacks based on these techniques modify an application’s execution flow to put malicious code in its place. Because they use part of legitimate code that was already running to modify the behavior of the software, detecting attacks of this type turns out to be quite a difficult task.

In browsers, attacks via ROP and JOP can be used to circumvent the sandbox (a restricted environment, which performs a task limiting its access to computer resources) or even allowing the execution of malicious code by simply opening a website.

Basically, Intel CET blocks attacks of this type by detecting changes in the execution flow and throwing exceptions. But the hardware implementation is only part of it. The software must also be compatible with the technology.

Windows 10 is already compatible with Intel CET thanks to the implementation of Hardware-enforced Stack Protection. Now, we know that the feature also is coming to Chromium and, in effect, the project-based browsers – Chrome and Edge should receive the feature in April.

A Firefox implementation is also expected, but there is still no information from Mozilla on when it will happen.

It is important to note, however, that only 11th generation Core processors and AMD Ryzen chips with Zen 3 architecture are currently compatible with Intel CET.

With information: BleepingComputer.