The JIT compiler requires violating the standard w^x policy. Therefore, memory can be both writable and executable at the same time. This a very security concern because an attacker could inject and execute their own malicious code from the JIT region during exploitation of a vulnerability. Disabling this results in enormous attack surface reduction and will kill off a huge amount of browser exploits.
Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine.
Moreover, we know that attackers weaponize and abuse these bugs as well; an analysis from Mozilla shows that over half of the “in the wild” Chrome exploits abused a JIT bug.
Disabling JIT is quite simple.
Firefox
On Firefox you can go in the about:config page and change those settings:
javascript.options.ion to false
javascript.options.baselinejit to false
This approach works both on desktop and mobile. (Although, the stable version of Firefox on android doesn’t allow about:config page)
Chromium
On chromium based browsers you have to add this command line.
--js-flags="--jitless"
This approach works only on desktop browsers.
On android, the only browsers who enabled this feature are bromite and Vanadium.
Are there any noticable side effects from disabling it?
Not really noticeable. I’m using vanadium in jitless mode right now and I can’t tell the difference beside a few exceptions. Bromite should work fine as well.
Good to know, thanks
I use bromite on Android and its very good. In the Microsoft Edge Blog post linked in this post https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ they talk about the effects.
Interesting, seems as if there’s mostly no difference, thanks for sharing!
JavaScript performance will suffer. Whether you notice it or not depends on what web apps you use and your computer’s hardware.
The only site I’ve seen suffer during my one day of JITless this far is odysee but other than that I dont really notice any performance issues
