The so-called CET feature, or Control-flow Enforcement Technology will prevent vulnerabilities.
Intel’s CET Feature to Be Added to Edge and Chrome
CET is a hardware component first introduced in 2016 and added to Intel’s 11th generation CPUs last year. Its purpose is to shield programs from Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks.
These specific attacks can alter the program’s usual flow in a way to allow attackers to execute malicious code. Furthermore, it is challenging to prevent or detect these attacks as the attacker utilizes existing code running from executable memory. This is “a creative way to change program behavior,” as explained by researcher Baiju V Patel from Microsoft.
The CET Feature in Browsers
In terms of browser security, ROP and JOP attacks include bypassing the browser’s sandbox or performing remote code execution. The CET feature provided by Intel will block these attempts by enabling exceptions when the natural flow is altered.
Windows 10 supports the feature via the Hardware-enforced Stack Protection.
“Hardware-enforced stack protection will only work on chipsets with Intel’s Control-flow Enforcement Technology (CET) instructions,” Microsoft says.
The feature will be included in all Chromium-based browsers, such as Google Chrome, Brave, and Opera.
Mozilla is also also planning to offer CET support to Firefox users, but the exact time of the implementation is not known yet.
If you are a Windows 10 user running Intel 11th generation CPU or AMD Zen 3 Ryzen CPU also supporting CET, you can check if a process uses CET via Windows Task Manager. Just follow these steps:
- Open Task Manager;
- Select Details tab;
- Right-click on a column header;
- Choose “Select Columns.”
Once the last dialogue opens, go to the bottom and select Hardware-enforced Stack Protection. By enabling it, you will know which processes support the security feature.