The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9e9ae5c744fa28bd50a3e7bb18d4f51016e560a2

commit 9e9ae5c744fa28bd50a3e7bb18d4f51016e560a2
Author: Penny MacNeil <pennymac@chromium.org>
Date: Tue Aug 08 01:35:38 2017

[Windows Sandbox] MS-signed binaries only, post-startup.

Enable MITIGATION_FORCE_MS_SIGNED_BINS post-startup (after warmup) on
all sandboxed child processes.  Any third-party modules must be loaded
at process startup.

Also includes a temporary emergency off switch. "WinSboxForceMsSigned" can be used on the command line to disable the block.

(Aside: this CL also removes the old emergency off switch around MITIGATION_EXTENSION_POINT_DISABLE - for child processes.)

TEST= sbox_integration_tests.exe, ProcessMitigationsTest.*
BUG= 750886 

Change-Id: I638aebade28ff42743b07d885dff8230a1e25c49
Reviewed-on: https://chromium-review.googlesource.com/596677
Commit-Queue: Penny MacNeil <pennymac@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492495}
[modify] https://crrev.com/9e9ae5c744fa28bd50a3e7bb18d4f51016e560a2/content/common/sandbox_win.cc
[modify] https://crrev.com/9e9ae5c744fa28bd50a3e7bb18d4f51016e560a2/content/public/common/content_features.cc
[modify] https://crrev.com/9e9ae5c744fa28bd50a3e7bb18d4f51016e560a2/content/public/common/content_features.h

First hit canary in M62, branch 3180, 08 Aug 2017. (62.0.3180.x)

Here are the steps I used on Chrome Dev channel 62 since Beta was still on release 61. 

Start ZoomText 11.5.110.410 (64-bit) - I used Zoom Level 2.25
Start Google Chrome 62.0.3202.9 (Official Build) dev (64-bit) (cohort: Dev)
Fonts appear to be smooth, no anomalies seen. 
Note the following messages appeared. I didn't follow any of the instructions except opening ZoomText first for this specific test. 

https://screenshot.googleplex.com/DpyYfTXMJqd.png
https://screenshot.googleplex.com/ZQ66oHGEqKh.png

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0491c375745f4f948e7c41df2c0824d69fe39bee

commit 0491c375745f4f948e7c41df2c0824d69fe39bee
Author: Penny MacNeil <pennymac@chromium.org>
Date: Tue Mar 27 19:17:18 2018

[Windows Sandbox] Remove temp emergency-off switch.

Remove "WinSboxForceMsSigned" feature off switch.  The mitigation has been on for
all sandboxed child processes since M62.

R: forshaw@chromium.org
BUG:  750886 
Change-Id: I9ea899e512d16db110fe9da33fa2d50758c3da82
Reviewed-on: https://chromium-review.googlesource.com/972360
Commit-Queue: Penny MacNeil <pennymac@chromium.org>
Reviewed-by: James Forshaw <forshaw@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546196}
[modify] https://crrev.com/0491c375745f4f948e7c41df2c0824d69fe39bee/services/service_manager/sandbox/features.cc
[modify] https://crrev.com/0491c375745f4f948e7c41df2c0824d69fe39bee/services/service_manager/sandbox/features.h
[modify] https://crrev.com/0491c375745f4f948e7c41df2c0824d69fe39bee/services/service_manager/sandbox/win/sandbox_win.cc