Chrome 90 incorporates a Windows 10 security feature to make bugs harder to exploit




Version 90 of Google Chrome has arrived with an interesting Windows 10 security feature in tow, called Hardware-enforced Stack Protection. It is a memory protection measure against attackers, specifically for the stack.



The additional security, as Mountain View explains, is enabled in Chrome 90 on Windows 10 20H1 (version 2004) with the December update or later, and on 11th Gen Intel or AMD Zen 3 CPUs, which support Control-flow Enforcement Technology, also known as CET.






This technology makes exploits "more difficult to write"; that is, it complicates the exploitation of security flaws.








Protecting memory








This mitigation technology aims to make it difficult for attackers to exploit security flaws by protecting a part of memory through what are known as shadow stacks. These are memory stacks used only for this purpose, isolated from the conventional stack and protected against alteration.



Control-flow Enforcement Technology improves security, explain those responsible for adopting this technique in Google's browser, by "making exploits more difficult to write". However, it is not perfect and can cause system instability if the software loaded in Chrome does not support this mitigation.




Windows 10, thanks to this implementation in Google Chrome, will be able to block return-oriented programming attacks
















Windows 10 provides this protection measure so that programs running on it can enforce it, and it can block ROP (return-oriented programming) attacks by comparing return addresses to verify that they are valid. This type of attack can bypass mitigations in order to place malicious programs on a system and thus infect it for the attacker's purposes. In these cases, attackers take advantage of the executable code of the process itself.
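
A simplified software model of the shadow-stack check described above, as an added example that is not code from Google, Microsoft or the CPU vendors. The `cpu_t` type, the function names and the addresses are hypothetical; real CET performs this comparison in hardware on every call and return.

```c
#include <stdint.h>
#include <stddef.h>

#define DEPTH 16

/* Toy model: a writable conventional stack plus a shadow stack that only
   call/ret may touch. All addresses below are constructed sample values. */
typedef struct {
    uint64_t data[DEPTH];    /* conventional stack (return addresses, locals) */
    uint64_t shadow[DEPTH];  /* shadow stack (return addresses only) */
    size_t sp, ssp;          /* next free slot in each stack */
} cpu_t;

typedef enum { RET_OK, RET_CONTROL_PROTECTION_FAULT, RET_UNDERFLOW } ret_status;

/* CALL: push the return address on both stacks. */
int cpu_call(cpu_t *c, uint64_t ret_addr) {
    if (c->sp >= DEPTH || c->ssp >= DEPTH) return -1;
    c->data[c->sp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return 0;
}

/* Models a memory-corruption bug: ordinary stores can reach the
   conventional stack; no equivalent exists for the shadow stack. */
int cpu_store(cpu_t *c, size_t slot, uint64_t value) {
    if (slot >= c->sp) return -1;
    c->data[slot] = value;
    return 0;
}

/* RET: pop both copies and compare; a mismatch faults instead of jumping. */
ret_status cpu_ret(cpu_t *c, uint64_t *target) {
    if (c->sp == 0 || c->ssp == 0) return RET_UNDERFLOW;
    uint64_t from_data = c->data[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_data != from_shadow) return RET_CONTROL_PROTECTION_FAULT;
    *target = from_data;
    return RET_OK;
}

/* Two nested calls; optionally overwrite the inner return address first. */
ret_status run_scenario(int corrupt, uint64_t *target) {
    cpu_t c = {0};
    cpu_call(&c, 0x401000);
    cpu_call(&c, 0x401234);
    if (corrupt) cpu_store(&c, 1, 0x41414141);
    return cpu_ret(&c, target);
}
```

In the uncorrupted run the return proceeds to the saved address; in the corrupted run the two copies disagree and the return is refused, which is the point at which the process would be terminated.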