Google Chrome Embraces Exploit Protection Feature Available on Windows 10

Google Chrome’s new move is aimed at reducing commonly processed exploitation attacks.

By Jagmeet Singh | Updated: 5 May 2021 17:33 IST

Google Chrome Embraces Exploit Protection Feature Available on Windows 10

Google Chrome will be able to restrict exploitation attacks using hardware-based tech

Highlights

Google Chrome has brought support for hardware-enforced stack protection
The technology was initially available on Windows 10
It can stop the execution of malicious code by hackers

Google Chrome has enhanced user data security by enabling hardware-enforced stack protection technology that was first adopted on Windows 10 last year. The enhanced security on the browser can help restrict attackers from exploiting security bugs on the system. The hardware-enforced stack protection technology works with computers based on Windows 20H1 (December Update) or later, running on processors with Control-flow Enforcement Technology (CET) such as AMD Zen 3 Ryzen and 11th-generation Intel CPUs. It is also a part of Chrome 90, the browser version that Google released last month.

Although Google Chrome already has a multi-process architecture that reduces the severity of a bug, stack protection is designed to further enhance security by using the CET chip security extension. This enables the CPU to maintain a shadow stack along with the existing stack that cannot be directly manipulated by normal program code.

The stack protection technology is designed to provide security against exploitation techniques such as Return-Oriented Programming (ROP) and Jump Oriented Programming (JOP). Both these techniques are often used by attackers to gain access to a system by executing malicious code through a browser. The technology may allow an attacker to execute a small fragment of their code but is crafted to stop them when they try to run the malicious code fully.

Google Chrome Gets Security Update for Windows, Mac, Linux Devices

Having said that, Google does acknowledge that stack protection can be bypassed in some contexts. It is, thus, working to bring another Windows-focussed technology called Control Flow Guard (CFG) that further reduces the scope of getting exploited by attackers.

If you have a Windows 10 system with CET-compatible CPU, you can check if Chrome is using the hardware-enforced protection through Windows Task Manager. It can be viewed by going to Details > Select Columns and enabling the Hardware-enforced Stack Protection option from the Task Manager application.

Similar to Google's efforts, Microsoft in February enabled support for Intel's CET within Edge 90 (Canary). Mozilla is also working on enabling CET support to offer the same hardware protection on its Firefox browser.

We dive into all things Apple — iPad Pro, iMac, Apple TV 4K, and AirTag — this week on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.