Preface: Microsoft Edge no longer uses Chakra. Microsoft will continue to provide security updates for ChakraCore 1.11 until 9th March 2021 but does not intend to support it after that.
Background: Chakra is the JavaScript engine that powers Windows applications written in HTML/CSS/JS and formerly powered Microsoft Edge. ChakraCore supports Just-in-time (JIT) compilation of JavaScript for x86/x64/ARM, garbage collection, and a wide range of the latest JavaScript features. ChakraCore also supports the JavaScript Runtime (JSRT) APIs, which allow you to easily embed ChakraCore in your applications. To make JIT in Chakra (the JavaScript engine in Microsoft Edge) work with ACG (Arbitrary Code Guard) enabled, Microsoft runs the parts of Chakra responsible for compiling code in a separate process – the JIT Server. The JIT server compiles the bytecode and writes the resulting executable code back into the calling process using shared memory, so the content process itself never needs to allocate writable-and-executable memory.
Vulnerability details: Microsoft did not disclose many details. However, this is not the first time a design weakness of this kind has been found in ChakraCore. For the rest of the details, please refer to the attached diagram.
Official announcement – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17131