Cromite disables JavaScript Just-In-Time (JIT) compilation by default for security reasons. This guide explains why and how to enable it selectively.

What is JIT?

JIT (Just-In-Time compilation) is a feature of Chromium’s V8 JavaScript engine that compiles JavaScript code to native machine code at runtime for faster execution.
JIT can significantly improve JavaScript performance, especially for complex web applications, but introduces security risks.

Why is JIT Disabled by Default?

Security Implications

JIT compilation introduces several classes of security risk:
JIT is a common attack vector for browser exploits.

Memory Permissions

JIT requires memory regions with read/write/execute permissions simultaneously. This combination:
  • Enables code injection attacks
  • Allows exploitation of memory corruption bugs
  • Provides attackers with executable memory regions
  • Can be exploited through Use-After-Free (UAF) vulnerabilities
Memory Region: RWX (Read/Write/Execute)
Risk Level: High
Attack Surface: Large
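
To audit the read/write/execute claim on a Linux or Android process you are authorized to inspect, the following added example (not part of Cromite or its documentation) parses text in the `/proc/<pid>/maps` layout and reports mappings that are writable and executable at once. The sample listing and the `findWritableExecutable` name are constructed for illustration.

```javascript
// Added example: flag mappings that are writable and executable at the same time.
// Input uses the Linux /proc/<pid>/maps layout:
//   "start-end perms offset dev inode [path]"

// Constructed sample, not captured from a real browser process.
const SAMPLE_MAPS = `
7f1c20000000-7f1c20040000 rwxp 00000000 00:00 0
7f1c30000000-7f1c30200000 r-xp 00000000 fd:01 1234 /example/libexample.so
7f1c30200000-7f1c30210000 rw-p 00200000 fd:01 1234 /example/libexample.so
7f1c40000000-7f1c40001000 rwxp 00000000 00:00 0 [anon:example-code]
`;

const MAP_LINE =
  /^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+\S+\s*(.*)$/;

function findWritableExecutable(mapsText) {
  const findings = [];
  for (const line of mapsText.split("\n")) {
    const m = MAP_LINE.exec(line.trim());
    if (!m) continue; // skip blank lines and anything that is not a mapping
    const [, start, end, perms, label] = m;
    // perms is "rwxp"-style: index 1 is write, index 2 is execute.
    if (perms[1] === "w" && perms[2] === "x") {
      // BigInt keeps 64-bit addresses exact before computing the size.
      const size = BigInt("0x" + end) - BigInt("0x" + start);
      findings.push({
        start,
        end,
        perms,
        bytes: Number(size),
        label: label || "(anonymous)",
      });
    }
  }
  return findings;
}

for (const f of findWritableExecutable(SAMPLE_MAPS)) {
  console.log(`${f.start}-${f.end} ${f.perms} ${f.bytes} bytes ${f.label}`);
}
```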

Sandbox Escapes

JIT vulnerabilities have been exploited to:
  • Escape the Chromium sandbox
  • Gain access to privileged processes
  • Execute arbitrary code outside the renderer process
  • Compromise system security

Shared Memory

JIT enables shared memory exchange between different frames:
  • Powerful performance feature
  • Significant security risk
  • Potential for cross-frame attacks
  • Information leakage between origins

Performance Trade-off

Disabling JIT provides security benefits at the cost of JavaScript performance:

Security Benefits

  • Smaller attack surface
  • Reduced sandbox escape risk
  • Protection against JIT-specific exploits
  • Stronger memory protections

Performance Impact

  • Slower JavaScript execution
  • Reduced responsiveness on complex sites
  • WebAssembly may not function
  • Heavy web apps may struggle

When to Enable JIT

Consider enabling JIT in these scenarios:
Enable JIT for websites you trust completely, such as:
  • Banking sites
  • Work applications
  • Personal projects
  • Known-safe services
Sites with heavy JavaScript workloads:
  • Online IDEs and code editors
  • Video conferencing platforms
  • 3D visualization tools
  • Complex web applications
  • Online gaming platforms
WebAssembly requires JIT to function:
  • Compiled C/C++ applications
  • High-performance web apps
  • Advanced graphics applications
  • Scientific computing tools
Only enable JIT for websites you trust. Never enable it globally for all sites.

How to Enable JIT Per-Site

Cromite allows you to enable JIT selectively for specific websites through the UI:
  1. Visit the Website: Navigate to the website where you want to enable JIT.
  2. Open Site Settings: Tap the lock icon (or site info icon) in the address bar to open the site information panel.
  3. Access Permissions: Tap Site settings or Permissions to view all permissions for the current site.
  4. Enable JavaScript JIT: Find the JavaScript JIT option and toggle it to Allowed.
  5. Reload the Page: Refresh the page for the changes to take effect. JavaScript will now be JIT-compiled for this site.
JIT settings are remembered per-site. You only need to enable it once for each domain.

Managing JIT Settings

View All JIT Permissions

Check which sites have JIT enabled:
  1. Open Settings: Navigate to Settings in Cromite.
  2. Site Settings: Go to Site settings > JavaScript JIT.
  3. Review Permissions: View and manage all sites with JIT enabled.

Remove JIT Permission

Revoke JIT access for a specific site:
  1. Find Site: In Site settings > JavaScript JIT, locate the site.
  2. Tap Site: Tap on the site to open its individual settings.
  3. Change Permission: Change JavaScript JIT from Allowed to Blocked.

Global JIT Settings

Enabling JIT globally is NOT recommended for security reasons.
If you must enable JIT globally (not recommended):
  1. Open chrome://flags: Navigate to chrome://flags in the address bar.
  2. Search for JIT: Search for “javascript jit” or “enable-javascript-jit”.
  3. Enable Flag: Change the flag to Enabled.
  4. Restart Browser: Relaunch Cromite for the change to take effect.

Performance Comparison

With JIT Disabled (Default)

  • Startup: Fast
  • Simple scripts: Minimal impact
  • Complex apps: Noticeably slower
  • WebAssembly: Non-functional
  • Security: Enhanced

With JIT Enabled

  • Startup: Slightly slower (compilation overhead)
  • Simple scripts: Faster after warm-up
  • Complex apps: Significantly faster
  • WebAssembly: Fully functional
  • Security: Reduced (larger attack surface)

WebAssembly Support

WebAssembly (Wasm) requires JIT to be enabled for the site.
If a website uses WebAssembly and you see errors:
  1. Check the browser console for Wasm-related errors
  2. Enable JIT for the site using the steps above
  3. Reload the page
Sites that rely on WebAssembly will typically display an error message or fail to load properly when JIT is disabled.
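
For site authors, the failure described above can be detected up front instead of surfacing as a broken page. The following is an added example, not Cromite or site code: `probeWasm` and `wasmNotice` are illustrative names, and it assumes that a browser with JIT blocked does not expose the `WebAssembly` global to the page.

```javascript
// Added example: classify why WebAssembly is unusable in the current context.

// Smallest valid module: "\0asm" magic followed by version 1, no sections.
const EMPTY_MODULE = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]);

function probeWasm(scope = globalThis) {
  const wasm = scope.WebAssembly;
  // Assumption: with JIT blocked the engine does not define the WebAssembly
  // global, so detection fails before any bytes are compiled.
  if (typeof wasm !== "object" || wasm === null) {
    return { available: false, stage: "global", detail: "WebAssembly is not defined" };
  }
  try {
    // Compilation can still be refused, for example by a Content Security
    // Policy without 'wasm-unsafe-eval'; that surfaces as a thrown error here.
    const module = new wasm.Module(EMPTY_MODULE);
    new wasm.Instance(module, {});
    return { available: true, stage: "ok", detail: "" };
  } catch (err) {
    return { available: false, stage: "compile", detail: `${err.name}: ${err.message}` };
  }
}

// Turn the probe result into a message the site can show instead of failing silently.
function wasmNotice(result) {
  if (result.available) return null;
  return result.stage === "global"
    ? "WebAssembly is unavailable. If this browser blocks JavaScript JIT, allow it for this site and reload."
    : `WebAssembly failed to compile (${result.detail}).`;
}

const notice = wasmNotice(probeWasm());
if (notice) console.warn(notice);
```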

Best Practices

Whitelist Approach

  • Keep JIT disabled by default
  • Enable only for trusted sites
  • Regularly review enabled sites
  • Remove permission when no longer needed

Security First

  • Never enable globally
  • Avoid enabling for unknown sites
  • Be cautious with user-generated content sites
  • Monitor for suspicious behavior

Troubleshooting

Site Not Working After Disabling JIT

If a site stops working after you disable JIT:
  1. Check Console: Open Developer Tools (if available) to check for JavaScript errors.
  2. Test with JIT: Temporarily enable JIT to confirm it’s the cause.
  3. Report Issue: If the site should work without JIT, report the issue to the website owner.

Performance Issues

If pages load slowly:
  • Enable JIT for frequently visited sites
  • Consider performance vs. security trade-offs
  • Check if the site uses WebAssembly
For unresponsive applications:
  • Enable JIT specifically for that app
  • Check network conditions
  • Verify the app is compatible with Cromite

Security Recommendations

Exercise extreme caution when enabling JIT, especially on public or unsecured networks.
  1. Default State: Keep JIT disabled globally
  2. Trust Level: Only enable for explicitly trusted sites
  3. Review Regularly: Periodically audit enabled sites
  4. Limit Scope: Enable per-site, never globally
  5. Revoke Access: Remove JIT permission after completing tasks
  6. Public Networks: Avoid enabling JIT on public Wi-Fi
  7. High-Value Targets: Never enable on financial or sensitive sites unless absolutely necessary

Technical Details

V8 Engine Behavior

With JIT disabled:
  • JavaScript is interpreted or uses the baseline compiler
  • No optimizing compiler (TurboFan)
  • No inline caching optimizations
  • Reduced peak performance but safer execution
With JIT enabled:
  • Full V8 optimization pipeline
  • TurboFan optimizing compiler active
  • Inline caching and speculative optimizations
  • Maximum performance but larger attack surface
For more technical details on V8 JIT compilation, see the V8 documentation.
