Return of the JIT

This blog post describes a workaround for an issue arising from recent changes around the V8 optimizer toggle in some Chromium-based web browsers on desktop platforms.

Some time back, Chromium introduced a new toggle named V8 optimizer that allowed users to disable JavaScript just-in-time (JIT) compilation. This feature dramatically enhanced security by reducing the attack surface at the cost of slightly degraded performance. For reference, V8 JIT compiler bugs have accounted for roughly 45% of all the CVEs issued for V8 at some point in time.

1 Like
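For readers who want the same JIT-off behaviour set centrally rather than through the per-user toggle, Chromium also exposes it as an enterprise policy. The fragment below is an added example, not from the blog post or from anyone in this thread; it uses the documented Chromium policy names `DefaultJavaScriptJitSetting` (1 = allow JIT, 2 = block JIT) and `JavaScriptJitAllowedForSites`, and the site pattern in the allow list is a constructed placeholder.

```json
{
  "DefaultJavaScriptJitSetting": 2,
  "JavaScriptJitAllowedForSites": [
    "[*.]example.com"
  ]
}
```

With this in place the browser runs V8 in interpreter-only mode everywhere by default (the reduced-attack-surface setting the post describes), and only the listed origins get the optimizing compiler back, which is the usual way to keep the security benefit while exempting the handful of heavy web apps where the slowdown is actually noticeable. The file goes in the managed-policy location for your platform as described in Chromium's policy documentation; after loading it, the effective values can be checked on the browser's policy page.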

Regardless of the security benefits, “slightly” might be a bit of an understatement.
It’s a very significant performance penalty.

I honestly disagree. The only place I’ve noticed any decrease in performance is sometimes loading advanced web apps like Proton Mail, but besides that I don’t notice a difference at all.

I guess it just depends on what sites you visit and how you use your browser, as well as your hardware.

1 Like

Only on the very small number of websites which make heavy use of it, for example virustotal’s hash calculation. For all others it’s not really noticeable. Edge’s SDSM whitepaper has statistics for it, which also show this. Been using JITless for years on multiple devices and browsers.

2 Likes

I hate this, especially since it’ll throw a captcha sometimes and start again.