To protect the memory stack from hackers, Google unveiled that its Chrome 90 has used a new Windows 10 security feature called "Hardware-enforced Stack Protection". Hardware-enforced Stack Protection is which Microsoft previewed in March 2020, is meant to protect against return-oriented programming (ROP) malware attacks, by using CPU hardware to protect an application's code while running inside the CPU memory.
The added protection is permitted in Chrome 90 on Windows 20H1 with December update or later and on Intel 11th Gen or AMD Zen 3 CPUs, which feature Control-flow Enforcement Technology (CET), ZDNet reported.
For many years, Intel and Microsoft have been working on CET to thwart ROP attacks, which can bypass existing memory-exploit mitigations to install malware, the report said.
CET added "shadow stacks", which are used exclusively for control transfer operations. These shadow stacks are isolated from the data stack and protected from tampering, it added.
Google's Chrome platform security team advises that the shadow stack might cause problems for some software loaded into Chrome. "CET improves security by making exploits more difficult to write. However, it may affect stability if the software that loads itself into Chrome is not compatible with the mitigation," the Chrome security team said.
Google, however, has also provided details for developers who need to debug a problem in Chrome's shadow stack. Developers can see which processes have Hardware-enforced Stack Protection enabled in Windows Task Manager, the report said. Google describes ROP attacks as where "attackers take advantage of the process's code, as that must be executable".