Quote:Google Chrome now hinders attackers' efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later.
 
This is possible after the adoption of Intel's Control-flow Enforcement Technology (CET), supported on Windows 10 computers through an implementation known as Hardware-enforced Stack Protection which adds enhanced exploit protection to all compatible devices.

Hardware-enforced Stack Protection uses the Intel CET chipset security extension to secure applications from common exploit techniques such as Return-Oriented Programming (ROP) and Jump Oriented Programming (JOP).
 
Attackers regularly use such exploitation techniques to hijack a program's intended control flow to execute malicious code with the end goal of escaping a browser's sandbox or executing code remotely when visiting maliciously crafted web pages.
 
Windows 10's Hardware-enforced Stack Protection blocks these attacks by triggering exceptions when it detects that an app's natural flow has been modified.
 
"With this mitigation the processor maintains a new, protected, stack of valid return addresses (a shadow stack)," said Chrome Platform Security Team Engineer Alex Gough.
"This improves security by making exploits more difficult to write. However, it may affect stability if software that loads itself into Chrome is not compatible with the mitigation."