Control Flow Guard is a feature of Windows Defender that was introduced with Windows 8.1 and extended to Windows 10. Importantly, it is not available for Windows 7, hence the performance gap in Chromium. Vivaldi ran Chromium unit tests on Windows 7 and found they were running faster than on the much newer Windows 10.

After being informed of the problem, Google ran its own internal tests. Bruce Dawson, a Google engineer, found that Control Flow Guard is the problem. In fact, he said “CFG strikes again”, suggesting Google has experienced difficulties working with the security measure before. Google has now disabled the tool in its tests and sent the information to Microsoft. In response, the Windows Kernel Team confirmed the problem and said a fix will be sent out within the next few weeks. We guess that means when the May Patch Tuesday rolls around.
— Bruce Dawson (Antifa) (@BruceDawson0xB) April 24, 2019
End User Problems
Dawson published a blog post to accompany his findings and said the problem may not be overly noticeable on Chrome. That’s because “there is no sign this affects Chrome itself because only large .exe files are affected”. However, Yngve Petterson, the Vivaldi engineer who found the CFG flaw, says browsers like Chrome and Vivaldi may be affected. “It could be the issue that affects normal browser usage too, since both Chrome and Vivaldi start new processes for each tab, but as much of actual code is located in DLLs shared among the processes, and Windows CFG is reused for DLLs, it might not be noticeable in normal use.” Either way, it is possible to disable Control Flow Guard in Windows 10 via this path: