CVE-2020-0826
📋 TL;DR
This is a remote code execution vulnerability in Microsoft's ChakraCore JavaScript engine that allows attackers to execute arbitrary code by exploiting memory corruption when handling objects. It affects systems running vulnerable versions of Microsoft Edge (EdgeHTML-based) and applications using ChakraCore. Attackers could gain the same user rights as the current user.
💻 Affected Systems
- Microsoft Edge (EdgeHTML-based)
- ChakraCore
📦 What is this software?
Chakracore by Microsoft
Edge by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining SYSTEM privileges, installing malware, stealing data, and creating persistent backdoors.
Likely Case
Attacker executes code with user privileges, potentially leading to credential theft, lateral movement, and data exfiltration.
If Mitigated
Limited impact due to sandboxing in Edge browser, but still significant if combined with other vulnerabilities.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website). No public exploit code available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Microsoft Edge version 80.0.361.69 or later
Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826
Restart Required: Yes
Instructions:
1. Open Microsoft Edge. 2. Click Settings and more (three dots) > Help and feedback > About Microsoft Edge. 3. Browser will automatically check for updates and install if available. 4. Restart browser when prompted.
🔧 Temporary Workarounds
Disable JavaScript
windowsDisable JavaScript in Microsoft Edge to prevent exploitation, but will break most websites.
Switch to Chromium-based Edge
windowsMigrate to Chromium-based Microsoft Edge which is not affected by this vulnerability.
🧯 If You Can't Patch
- Restrict user privileges to limit potential damage from exploitation
- Implement application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Open Microsoft Edge > Settings and more (three dots) > Help and feedback > About Microsoft Edge. Check if version is below 80.0.361.69.Check Version:
Start Microsoft Edge and navigate to edge://settings/helpVerify Fix Applied:
Verify Microsoft Edge version is 80.0.361.69 or higher after update.📡 Detection & Monitoring
Log Indicators:
- Edge crash reports with memory corruption signatures
- Unexpected process creation from Edge
Network Indicators:
- Connections to suspicious domains following Edge crashes
SIEM Query:
EventID=1000 OR EventID=1001 with faulting module chakra.dll OR Edge.exe