The JIT compiler requires violating the standard W^X (write xor execute) policy, so memory can be both writable and executable at the same time. This is a serious security concern because an attacker could inject and execute their own malicious code from the JIT region while exploiting a vulnerability. Disabling JIT results in an enormous attack surface reduction and will kill off a huge number of browser exploits.

Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine.

Moreover, we know that attackers weaponize and abuse these bugs as well; an analysis from Mozilla shows that over half of the “in the wild” Chrome exploits abused a JIT bug.

Source.

Disabling JIT is quite simple.

Firefox

On Firefox, open the about:config page and change these settings:

javascript.options.ion to false
javascript.options.baselinejit to false

This approach works on both desktop and mobile (although the stable version of Firefox on Android doesn't allow access to the about:config page).

Chromium

On Chromium-based browsers, you have to add this command-line flag:

--js-flags="--jitless"

This approach works only on desktop browsers.

On Android, the only browsers that have enabled this feature are Bromite and Vanadium.
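To verify that the Firefox and Chromium settings above actually took effect, the following added example (not part of the original post) audits the contents of a Firefox profile's prefs.js/user.js and a Chromium command line. The function names and sample inputs are constructed for illustration, and treating the last --js-flags switch as the effective one is an assumption.

```python
import re
import shlex

# The two prefs named on this page. prefs.js only stores non-default values,
# so a pref that is absent is at its default, which leaves that JIT tier on.
JIT_PREFS = ("javascript.options.ion", "javascript.options.baselinejit")

# Matches lines such as: user_pref("javascript.options.ion", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;', re.M)

# Constructed sample inputs (not taken from a real profile or process list).
SAMPLE_PREFS_JS = '''\
user_pref("browser.startup.page", 3);
user_pref("javascript.options.ion", true);
'''
SAMPLE_USER_JS = '''\
user_pref("javascript.options.ion", false);
user_pref("javascript.options.baselinejit", false);
'''
SAMPLE_CMDLINE = 'chromium --js-flags="--expose-gc --jitless" https://example.org'


def firefox_jit_enabled(prefs_js: str, user_js: str = "") -> dict:
    """Return {pref: True if that JIT tier is still enabled}.

    user.js is applied at startup on top of prefs.js, so its values win.
    """
    values = {}
    for text in (prefs_js, user_js):
        for name, value in PREF_RE.findall(text):
            values[name] = (value == "true")
    return {name: values.get(name, True) for name in JIT_PREFS}


def chromium_is_jitless(command_line: str) -> bool:
    """True if the command line passes --jitless to V8 through --js-flags."""
    jitless = False
    for arg in shlex.split(command_line):
        if arg.startswith("--js-flags="):
            # Assumption: if the switch is repeated, the last one is effective.
            # Split on whitespace or commas so combined values are handled,
            # and require an exact match so "--no-jitless" does not pass.
            flags = re.split(r"[\s,]+", arg[len("--js-flags="):])
            jitless = "--jitless" in flags
    return jitless


if __name__ == "__main__":
    print(firefox_jit_enabled(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
    print(chromium_is_jitless(SAMPLE_CMDLINE))
```

Any pref reported as True, or a command line for which the check returns False, means the JIT is still active for that browser.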