V8 JIT JavaScript/Wasm engine can be disabled & configured on a per-site basis in Chromium 122

Nobody seems to have noticed this here yet, but Chromium now has native support for configuring the V8 optimizer at chrome://settings/content/v8

This effectively brings Microsoft Edge’s Super Duper Secure Mode to all Chromium browsers, including the latest release of Brave:

For some reason the only announcement I could find about this feature was in the Chrome Enterprise/Education changelog.


Note that for Brave at least, per-site exceptions do not work unless you enable an “experimental” flag.


On a separate note, after a week of using this setting, the few sites in which I’ve observed breakages due to disabling V8 were Element (logging in via the official site and in-house/homeserver-provided clients) and FluffyChat.

Edit: huh, after the most recent update to Chromium 122.0.6261.94 on Brave, it seems that Element works across the board (albeit with noticeable slowness) even without setting a site exception (Strict Origin Isolation enabled, V8 disabled).

So something under the hood must have been changed in the Chromium bump, which aligns with what @jonah tested in post 5 of this thread.


Interesting, can confirm that is the case in multiple Chromium browsers, and the suggested chrome://flags/#strict-origin-isolation flag fixes it. Worth noting that the bug only affects WebAssembly, but also I suspect Wasm is probably the main reason you’d want to add a per-site exception in the first place, so it’s a bit of a big deal.

Seems like enabling this flag might pose resource consumption issues: https://issues.chromium.org/issues/40601197 (but as the issue above notes, other projects have enabled the flag without issue, so…)

This explains why I was having trouble using per-site exceptions a few months ago when I was trying to do this with the JavaScriptJitAllowedForSites enterprise policy lol


With this, does it mean Brave offers the same level of protection as Safari with lockdown mode enabled? I’m just wondering if I should change my default browser on desktop.

I’m confused, it seems like they’ve changed this behavior now between Chromium 122.0.6261.57 and 122.0.6261.94.

On the latest version if I go to test whether WebAssembly is enabled on a site like https://wasm-feature-detect.surma.technology/ it shows that it is enabled despite “Don’t allow sites to use the V8 optimizer” being set.

I guess this is intentional, so changing this setting isn’t truly, completely JITless as the enterprise policy name would suggest:

https://issues.chromium.org/issues/325992828

As of r1247811, there is a new site setting, which is entitled “Sites
can use the V8 optimizer”. The actual behavior of that setting, though,
is that it disables all use of JIT in the renderer, which means
disabling WebAssembly support altogether.

Since M122 is going to stable imminently, this change is the minimal fix
to avoid breaking an existing web API (wasm): the site setting’s
behavior is changed to match what the settings page describes. Since
this setting is also tied to enterprise policies:

  • DefaultJavaScriptJitSetting
  • JavaScriptJitAllowedForSites
  • JavaScriptJitBlockedForSites

This change will cause a behavior change for users of those policies:
webassembly will be enabled for sites for which it would previously have
been disabled.

I don’t understand why this (highlighted) was considered a bug.

Edit: In https://issues.chromium.org/issues/325974501 they indicate this might be fixed in 123.


What are the actual privacy or security benefits of doing so?

Has anyone found it on Brave Android?
@Encounter5729 :
Disabled JIT = Attack surface reduction

It’s not there yet. Not even in nightly.


Disabling JIT on Chromium Browsers on desktop has been available for a long time either via flags or enterprise/group policy, the latter also with site exceptions. This has also enabled additional exploit mitigations. Unfortunately it’s still not the same as on Edge from a usability perspective, since Drumbrake is missing.

Good point. Have used this flag for quite some time and experienced no negative downsides yet.

Even more protection, since Chromium is still stronger in some security areas.


Would anyone mind launching the latest Google Chrome with --js-flags="--jitless" and letting me know whether Wasm Test says wasm is supported in your browser?

Installed the latest Google Chrome from Flathub
It gave me:

  • Start
  • typeof WebAssembly === “object”: false
  • Error caught: ReferenceError: WebAssembly is not defined
  • WebAssembly appears to NOT be supported :pleading_face:
  • Done
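The check that the Wasm Test output above reports, reproduced here as an added example (this is not the test site's code and not Chromium's): it first does the `typeof WebAssembly === "object"` probe, then goes one step further and validates, compiles and calls a tiny hand-assembled module. The module bytes are constructed for this example (a single exported `add(a, b)` function); they are not taken from the thread. It runs unchanged in a browser console or under Node.

```javascript
// Added example (not the Wasm Test page's own code): reproduces the probe the
// forum post quotes, then actually compiles and runs a WebAssembly module.

// Minimal WebAssembly binary, hand-assembled for this example (not from the page):
// exports one function `add(a, b)` = a + b. Layout: magic + version, then the
// type, function, export and code sections.
const ADD_MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d,                               // "\0asm" magic
  0x01, 0x00, 0x00, 0x00,                               // binary format version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, // type section: (i32, i32) -> i32
  0x03, 0x02, 0x01, 0x00,                               // function section: 1 func of type 0
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x00, // export section: "add" = func 0
  0x0a, 0x09, 0x01, 0x07, 0x00,                         // code section: 1 body, 7 bytes, 0 locals
  0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b,                   // local.get 0, local.get 1, i32.add, end
]);

// Returns a report object rather than only printing, so callers can branch on it.
function detectWasm() {
  const report = { globalPresent: false, validates: false, runs: false, error: null };
  try {
    // Step 1: the probe from the post. `typeof` on an undeclared identifier does
    // not throw, so this is 'undefined' (not an error) when the global is absent.
    report.globalPresent = typeof WebAssembly === 'object';

    // Step 2: validate the binary without instantiating it. If the global is
    // missing this line throws the ReferenceError the post shows.
    report.validates = WebAssembly.validate(ADD_MODULE_BYTES);

    // Step 3: compile, instantiate and call. Synchronous compilation is fine for a
    // module this small; large modules should use WebAssembly.instantiate().
    const instance = new WebAssembly.Instance(new WebAssembly.Module(ADD_MODULE_BYTES));
    report.runs = instance.exports.add(2, 40) === 42;
  } catch (e) {
    report.error = `${e.name}: ${e.message}`;
  }
  return report;
}

// Renders the report in the same shape as the Wasm Test output quoted above.
function formatReport(r) {
  return [
    'Start',
    `typeof WebAssembly === "object": ${r.globalPresent}`,
    ...(r.error ? [`Error caught: ${r.error}`] : []),
    r.runs ? 'WebAssembly appears to be supported' : 'WebAssembly appears to NOT be supported',
    'Done',
  ].join('\n');
}

console.log(formatReport(detectWasm()));
```

The distinction between the steps is the one the thread turns on: a renderer started with `--js-flags="--jitless"` has no `WebAssembly` global at all, so the report stops at step 1 with the ReferenceError, whereas a page whose Wasm is merely slow or partly broken will pass step 1 and fail (or time out) later, which is easier to tell apart with the compile-and-call step than with the `typeof` probe alone.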

Which version is that in chrome://version?

122.0.6261.94


Really strange. I dug out my Linux laptop and I do get that response as well, but I don’t see that on macOS or Windows :thinking:

If anyone not on Linux could try it that would be handy :slight_smile: