Chrome and Edge browsers will get Intel CET security features

Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support Intel CET security features to help block the exploitation of various vulnerabilities. Intel CET (Control-flow Enforcement Technology) is a hardware security feature that was first introduced in 2016 and added to Intel’s 11th generation CPUs in 2020.

CET is designed to protect programs from Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) attacks, which alter the normal control flow of an application to execute the attacker’s malicious code.

Baiju V Patel from Intel explained: “JOP or ROP attacks can be particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behavior. What makes it hard to detect or prevent ROP/JOP is the fact that attacker uses existing code running from executable memory. Many software-based detection and prevention techniques have been developed and deployed with limited success.”

Exploits built on these techniques can allow an attacker to bypass the browser sandbox or execute code remotely on the user’s computer when the user visits a website. Intel CET is a hardware-based solution that blocks these attempts by triggering an exception when the natural control flow of the program is modified.

Currently, the Windows 10 operating system has taken the lead in supporting Intel CET through a feature called Hardware-enforced Stack Protection.

Support at the system level is not enough on its own: for a Windows application to use this feature, it must first be compiled with the /CETCOMPAT linker flag in Visual Studio. A program built with this flag is marked as compatible with CET Shadow Stack and receives the added protection.

The Intel CET security feature applies to all Chromium-based browsers, including Google Chrome, Microsoft Edge, Brave, and Opera. It is expected to be officially implemented in Chromium 90 in April 2021.