Google Chrome has borrowed a handy Windows 10 security feature

Hardware-enforced Stack Protection is now enabled in Chrome 90

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlehas added Hardware-enforced Stack Protection to the latest version ofChromein an effort to make it more difficult for attackers to exploit security bugs in its browser.

This security feature, which is supported onIntel 11th GenorAMD Zen 3CPUs, is already enabled inWindows 10asMicrosofthas adoptedIntel’s Control-flow Enforcement Technology (CET) through an implementation known as Hardware-enforced Stack Protection.

Hardware-enforced Stack Protection leverages the Intel CET chipset security extension to secure Windows applications from Return-Oriented Programming (ROP), Jump Oriented Programming and other common exploit techniques. These techniques are often used by crybercriminals to take over a program’s intended control flow and execute malicious code in order to escape a browser’s sandbox or execute code remotely. OnWindows 10, Hardware-enforced Stack Protection is able to block these kinds of attacks by triggering exceptions when an application’s natural flow has been modified.

In a newblog postannouncing the addition of Hardware-enforced Stack Protection to Chrome, Chrome Platform Security Team engineer Alex Gough explained that this mitigation allows a processor to create a protected stack of valid return addresses or a shadow stack that helps improve security by making exploits more difficult for attackers to write.

Hardware-enforced Stack Protection

Although Google has now added Hardware-enforced Stack Protection to Chrome, it isn’t the first Chromium-based browser to do so. With the release of the Canary build of version 90 ofMicrosoft Edgelast month, the software giant added support for Intel CET to its browser for non-renderer processes.

Now that two of thebest browsershave added support for Hardware-enforced Stack Protection, it’s likely that other Chromium-based browsers such as Brave and Opera will soon follow suit. At the same time though, Mozilla is also exploring adding support forIntel CETto Firefox though there haven’t been any updates on its progress since the idea was first proposed last year.

With many employees stillworking from homeand cloud adoption continually increasing, more of our work is done from a web browser than ever before. For this reason, efforts by Google and Microsoft to secure their browsers even further will help keep workers safe from new exploits and attacks designed to be delivered remotely.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case