VYPR
High severity · NVD Advisory · Published Nov 11, 2020 · Updated Sep 10, 2024

Chakra Scripting Engine Memory Corruption Vulnerability

CVE-2020-17048

Description

Chakra Scripting Engine Memory Corruption Vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ChakraCore memory corruption vulnerability in type check sequence handling allows remote code execution in Microsoft Edge.

Vulnerability

Analysis

CVE-2020-17048 is a memory corruption vulnerability in the Chakra Scripting Engine, which is used by Microsoft Edge (EdgeHTML-based) and other applications. The root cause lies in the GlobOpt::ProcessPropOpInTypeCheckSeq function within ChakraCore, where improper handling of type check sequences leads to potential memory corruption [1][3]. The commit shows a fix that removes the updateExistingValue parameter from a function call, suggesting that an incorrect argument caused type confusion or memory access beyond allocated bounds.

Exploitation

An attacker could exploit this vulnerability by crafting a malicious webpage that triggers the memory corruption when processed by the Chakra engine. Exploitation requires user interaction, such as visiting a compromised website or opening a specially crafted HTML email in Microsoft Edge. No additional privileges are needed beyond the browser sandbox, and the attack could be executed remotely without authentication.

Impact

Successful exploitation could allow an attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the affected system, install programs, view/change/delete data, or create new accounts. The vulnerability is rated as Critical with a CVSS score of 8.8 (High) according to NVD [3].

Mitigation

Microsoft released a security update as part of the November 2020 Patch Tuesday (2020.11B) that addresses this vulnerability. The fix is included in ChakraCore version 1.11.22 and later. Users should apply the latest updates for Microsoft Edge and any software using ChakraCore [1][2]. No workarounds are available, but disabling JavaScript in Edge would mitigate the risk, though it may degrade functionality.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: Microsoft.ChakraCore (NuGet)
Affected versions: < 1.11.23
Patched versions: 1.11.23
