Support Super Duper Secure Mode (disable V8 JIT) #19872
Comments
|
If you want to try this out, you can start Brave with Being able to disable it on a site-by-site basis would make this much more practical. |
|
I did not tested it but it looks like you can do it on unrooted Andrpid via Although it does not feel good because
|
|
Is there anyway to Disable Java JIT on Android ? Will this feature be implemented in the future ? Any updates ? Seems no one is responding on this one. |
|
@JohnBetaro
I think you may be confusing the JVM (Java) JIT and the V8 (Brave Browser) JIT. The V8 JIT (the subject of this thread) generates machine code from JavaScript or WebAssembly code running in the browser. This is presently a feature of V8 https://v8.dev/blog/jitless so it would be desirable to be able to turn this on or off within Brave Browser. Disabling the JVM JIT is an option when developing your own Java application, but I don't believe that is possible within Android. That would be a question for the Android Open Source Project. Hope that helps! |
Microsoft Edge has implemented a feature to disabled JIT in V8 completely or on a site-by-site basis. In their blog post describing the feature it was called Super Duper Secure Mode and they note that "roughly 45% of CVEs issued for V8 were related to the JIT engine".
When enabled, the default is to disable JIT (Turbofan and Sparkplug) for websites until they earn some trust. This feature is now in production in Microsoft Edge 96.0.1054.41.
In their research, the Edge team discovered that there were minimal impacts on performance for most sites. Some showed improvement.
Given the complexity of V8 and the empirical evidence that V8 JIT accounts for a significant portion of the CVEs in Chromium, I would like to see this feature to selectively disable V8 JIT imported into Brave as well.
The text was updated successfully, but these errors were encountered: