CVE-2020-0828
📋 TL;DR
CVE-2020-0828 is a remote code execution vulnerability in Microsoft's ChakraCore JavaScript engine that allows attackers to execute arbitrary code by exploiting memory corruption when handling objects. This affects systems running vulnerable versions of Microsoft Edge (EdgeHTML-based) and applications using ChakraCore. Successful exploitation could give attackers control over affected systems.
💻 Affected Systems
- Microsoft Edge (EdgeHTML-based)
- ChakraCore
📦 What is this software?
Chakracore by Microsoft
Edge by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attacker to install programs, view/change/delete data, or create new accounts with full user rights.
Likely Case
Remote code execution in the context of the current user, potentially leading to malware installation, data theft, or lateral movement.
If Mitigated
Limited impact due to sandboxing in Edge browser, but still potentially serious if combined with other vulnerabilities.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website) but no authentication. Memory corruption vulnerabilities in JavaScript engines are frequently exploited in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Microsoft Edge version 80.0.361.69 or later; ChakraCore version 1.11.22 or later
Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828
Restart Required: Yes
Instructions:
1. Apply March 2020 security updates via Windows Update. 2. For Microsoft Edge, update to version 80.0.361.69 or later. 3. For ChakraCore, update to version 1.11.22 or later. 4. Restart affected systems.
🔧 Temporary Workarounds
Disable JavaScript in Edge
windowsTemporarily disable JavaScript execution in Microsoft Edge to prevent exploitation
edge://settings/content/javascript
Migrate to Chromium-based Edge
windowsSwitch to the new Chromium-based Microsoft Edge which is not affected
🧯 If You Can't Patch
- Restrict access to untrusted websites and implement web filtering
- Use application whitelisting to prevent unauthorized code execution
🔍 How to Verify
Check if Vulnerable:
Check Microsoft Edge version: edge://settings/help or Settings > About Microsoft EdgeCheck Version:
msedge --version (Windows) or check edge://settings/helpVerify Fix Applied:
Verify Microsoft Edge version is 80.0.361.69 or higher📡 Detection & Monitoring
Log Indicators:
- Edge crash reports with memory corruption signatures
- Unexpected process creation from Edge
Network Indicators:
- Connections to known malicious domains from Edge process
- Unusual outbound traffic patterns
SIEM Query:
Process Creation where Image contains 'msedge.exe' and CommandLine contains suspicious patterns