The JIT compiler requires violating the standard w^x policy. Therefore, memory can be both writable and executable at the same time. This a very security concern because an attacker could inject and execute their own malicious code from the JIT region during exploitation of a vulnerability. Disabling this results in enormous attack surface reduction and will kill off a huge amount of browser exploits.
Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine.
Moreover, we know that attackers weaponize and abuse these bugs as well; an analysis from Mozilla shows that over half of the “in the wild” Chrome exploits abused a JIT bug.
Disabling JIT is quite simple.
Firefox
On Firefox you can go in the about:config page and change those settings:
javascript.options.ion to false
javascript.options.baselinejit to false
This approach works both on desktop and mobile. (Although, the stable version of Firefox on android doesn’t allow about:config page)
Chromium
On chromium based browsers you have to add this command line.
--js-flags="--jitless"
This approach works only on desktop browsers.
On android, the only browsers who enabled this feature are bromite and Vanadium.
The only site I’ve seen suffer during my one day of JITless this far is odysee but other than that I dont really notice any performance issues