CVE-2020-0767
📋 TL;DR
This is a remote code execution vulnerability in Microsoft's ChakraCore JavaScript engine that allows attackers to execute arbitrary code by exploiting memory corruption when handling objects. It affects systems running vulnerable versions of Microsoft Edge and applications using ChakraCore. Attackers could gain the same user rights as the current user.
💻 Affected Systems
- Microsoft Edge
- Applications using ChakraCore
📦 What is this software?
Chakracore by Microsoft
Edge by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining administrative privileges, installing malware, stealing data, and creating persistent backdoors.
Likely Case
Attacker executes code with current user privileges, potentially leading to credential theft, lateral movement, and data exfiltration.
If Mitigated
Limited impact due to sandboxing in Edge browser, but still significant risk for applications using ChakraCore outside browser context.
🎯 Exploit Status
Memory corruption vulnerabilities typically require careful exploitation but are often weaponized once reliable methods are developed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Microsoft Edge version 80.0.361.48 or later
Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767
Restart Required: Yes
Instructions:
1. Open Microsoft Edge. 2. Click Settings and more (three dots) > Help and feedback > About Microsoft Edge. 3. Allow browser to check for and install updates. 4. Restart browser when prompted.
🔧 Temporary Workarounds
Disable JavaScript
windowsDisable JavaScript in Microsoft Edge to prevent exploitation via web content
Use Chromium-based Edge
windowsMigrate to the new Chromium-based Microsoft Edge which is not affected
🧯 If You Can't Patch
- Restrict access to untrusted websites and implement web content filtering
- Apply application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check Microsoft Edge version: Open Edge > Settings and more > Help and feedback > About Microsoft Edge. If version is below 80.0.361.48, system is vulnerable.Check Version:
Start Microsoft Edge and navigate to edge://settings/helpVerify Fix Applied:
Verify Microsoft Edge version is 80.0.361.48 or higher using the same About Microsoft Edge menu.📡 Detection & Monitoring
Log Indicators:
- Unexpected Edge crashes
- Suspicious process creation from Edge
- Memory access violations in system logs
Network Indicators:
- Connections to known malicious domains from Edge process
- Unusual outbound traffic patterns
SIEM Query:
Process Creation where Parent Process Name contains 'msedge.exe' and Command Line contains suspicious patterns