Microsoft Edge is lacking in features, but one of its biggest selling points has always been its security. Microsoft has been working tirelessly to improve such features for enterprise, one of them being Arbitrary Code Guard (ACG). The feature stops attackers from executing malicious code through memory if they attack through the browser’s content process.
Though that bypass is mitigated, Fratric says there are ways determined attackers can bypass the mitigation. While ACG’s implementation is strong, a Windows 10 exploit mitigation called Control Flow Guard (CFG) that it depends on isn’t. This opens the PC to attack despite the protection of ACG.
A Long-Term Commitment
Though Fratric’s logic is clear, it’s also obvious he isn’t entirely impartial. In the paper, he promotes an alternative: Google Chrome. According to Fratric, Chrome’s site isolation could provide better protection in many cases.
Site isolation runs each webpage in its own sandboxed process, making it difficult for attackers to cause damage to the user’s system. Unfortunately, this also causes a significant memory hit of 10-20%.
With already significant competition it’s clear why Microsoft follows its own philosophy. Edge is sold as a fast, simple browser with little battery usage. Such an implementation could compromise that. Fratric also notes that the Edge team is dedicated to fixing this problem.
“Currently, with a lot of known bypasses, bypassing CFG in Windows is not difficult. However, should Microsoft be able to fix all the known weaknesses of CFG, including adding the return flow protection, the situation might change in the next couple of years,” he said. “As Microsoft already showed intention to do this, we believe this is their long-term plan.”